When we previously looked at the trends emerging from the mandatory notifiable data breaches scheme, we observed that organisations seem to be playing it safe and reporting when in doubt, possibly leading to overreporting.
We’re big supporters of mandatory notification, and we agree that when there’s doubt, it’s safer to report. But we also think it’s important that we all get better at understanding and managing data breaches, so that individuals and organisations don’t become overwhelmed by notifications.
That’s why we’ve prepared a free, fast and simple tool to help you consider all of the relevant matters when deciding whether a data breach needs to be notified.
Keep in mind that this is just a summary of relevant considerations – it’s not legal advice, and it only addresses Australian requirements. If your organisation handles personal information or personal data outside of Australia, you might need to consider the notification obligations in other jurisdictions.
Also remember that notification is just one aspect of a comprehensive data breach response plan. If your organisation handles personal information, you should consider adopting a holistic plan for identifying, mitigating and managing data breaches and other incidents.
Please let us know if you find this tool useful or if you have any feedback or suggestions.