The Notifiable Data Breach (NDB) scheme has come into effect as of 22 February 2018 and applies to breaches occurring on or after 23 February 2018.
It is important that insurance brokers are aware of changes being implemented and how they impact their own businesses as well as those of their clients. Clients will need to be advised about taking adequate measures to prevent a data breach and be able to respond appropriately in the event of one.
All organisations and businesses should review their privacy and data security protocols to ensure they comply with the NDB Scheme for Mandatory Data Breach Notifications.
The new law's main objective is to ensure an eligible data breach, which is defined as ‘unauthorised access to, loss of, or unauthorised disclosure of personal information held by an entity where the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates’.
This information includes personal details, credit eligibility information, tax file number information, and credit reporting information. Serious harm can include psychological, financial, emotional, physical, or reputational harm.
The NDB scheme will apply to organisations and agencies that the Privacy Act requires to take steps to secure certain categories of personal information. This includes Australian Government agencies, not-for-profit organisations, and businesses with an annual turnover of $3 million or more, health service providers, TFN recipients, and credit reporting bodies, among others.