The purpose of NDB scheme?

The passage of the Privacy Amendment (Notifiable Data Breaches) Act 2017 formed the Notifiable Data Breaches (NDB) scheme in Australia. This is applicable to all organizations with existing personal information security obligations under the Australian Privacy Act 1988 (Privacy Act) from 22 February 2018. According to the Privacy Amendment (Notifiable Data Breaches) Act 2017 (NDB Act) organizations have to notify individuals whose personal information is compromised in a data breach which is likely to result in serious harm.

To whom NDB scheme is applicable?

NDB scheme is applicable to any organization/ agency that requires to secure the personal information under the Privacy Act 1988. In addition to Australian Government agencies, this legislation is applicable to business organizations and not-for-profit organizations with an approximate annual turnover of AUD$3 million or more. 

Penalties in case of non-compliance with NDB scheme

NDB scheme strengthens the security of personal information and improves transparency in the way agencies and organizations respond to serious data breaches. It encourages a higher standard of personal data security across Australia.
Under this new legislation, if any organization has committed "serious or repeated non-compliance with mandatory notification requirements", is entitled to face penalties of up to $360,000 for individuals and $1.8 million for organizations.

To know how ARCON Privileged Access Management (PAM) helps complying with the NDB Legislation Compliance - Download your copy