Tougher cyber security laws in full force
Australian health service providers can no longer withhold information about cyber security breaches, with the Federal Government’s new Notifiable Data Breaches scheme now in full force.
The Privacy Amendment (Notifiable Data Breaches) Act 2017 now brings Australia into alignment with other countries, which have already had the same requirements for years.
The NDB scheme applies to all agencies and organisations, including health service providers, with existing personal information security obligations under the Australian Privacy Act 1988 (Privacy Act).
This includes Australian Government agencies, businesses and not-for-profit organisations with an annual turnover of $3 million or more, credit reporting bodies, health service providers, and TFN recipients, among others.
Under the new NDB scheme, entities have data breach notification obligations when a data breach is likely to result in serious harm to any individuals whose personal information is involved in the breach.
The scheme applies to all kinds of personal and sensitive information. Examples include names, addresses, email addresses, genders, family members, financial information, tax file numbers and medical history.
Federal Attorney General, Christian Porter, stressed that data breaches that might increase the risk of serious harm particularly include the release of sensitive information about an individual’s health, Medicare card information, driver’s licences, passport details, or financial information.
He said the new scheme sent a clear message that the Government was taking the security of personal information seriously.
“This means that Australians will know if their personal information has been breached and will be empowered to protect themselves, by being able to act quickly to minimise damage,” he said.
The Australian Information Industry Association (AIIA) has recently welcomed the scheme as a proactive way of tackling cyber security breaches in Australia.
“The AIIA is supportive of the Office of the Australian Information Commissioner (OAIC) and its roll out of the NDB scheme”, AIIA’s CEO, Rob Fitzpatrick, said. “Importantly, the NDB scheme provides a notification that must include recommendations about the steps that should be taken in response to a breach.”
Fitzpatrick highlighted that the ICT sector has a very central role in helping organisations meet their compliance commitments under the scheme, as well as preventing and remediating data breaches.
“The ability to confidently engage online is a critical foundation of a digital society, and anything that builds confidence for citizens and businesses is an important step forward,” he added.