Prevention better than cure – three ways to approach the Notifiable Data Breaches scheme


Security threats are an ever-increasing concern for organisations and individuals, and with the introduction of the Notifiable Data Breaches Scheme (NDB) on Thursday (22 February), data security is now firmly on the agenda of businesses across Australia.

While the scheme applies specifically to Australian businesses that have an annual turnover of more than three million dollars, its impact should not be ignored by those below that threshold. For example, certain small business operators (SBOs), such as those that provide health services or deal with personal information, are still subject to the requirements of the NDB.

Taking a long term view, elevating the importance of data security as a company-wide priority is an essential cultural shift, irrespective of legislative requirements. The conversation about data security should extend beyond simply fixing compliance gaps, to addressing how an organisation builds trust across its entire business and customer base – the cornerstone of a strong and resilient business.

Below are three strategies to help businesses achieve this:

  1. Understand the full life cycle of users’ data

The NDB requires organisations that hold data belonging to individuals to explicitly know where every piece of data is stored. This includes understanding the full life cycle of users’ data — where it lives, how and when it is stored and processed, and ultimately how it gets destroyed.

Get close to your data: know who has access to it at all times, and if the data is being shared externally with partners and vendors, verify the safety of their systems before sharing.

  2. Leverage technology to avoid human error

It has been widely researched and reported that the majority of data breaches result from the unintentional, well-meaning actions of employees who make honest mistakes when accessing or sharing data.

The benefit of cloud technology is that it can be used to build permission frameworks around data and centralise control, so that security is built into the system and the right people have the appropriate level of access at the right time. This removes guesswork on the employee’s part and effectively limits potential instances of human error.

In addition, cloud technology can provide objective visibility and control with features such as audit trails, remote wiping, admin controls, single sign-on, data loss prevention and version history. These capabilities provide full transparency into where a company’s data is, who is accessing it and how lost data can be restored. If a human error is detected in time, cloud systems can potentially reverse it before it’s too late.

  3. Make Trust the foundation of your business

The security threat landscape is constantly changing, which means legislation will continue to evolve. A formidable culture of trust, which permeates every part of an organisation, acts as a good safeguard against such changes.

The trust of your customers must be earned, and being worthy of trust means that everyone within the organisation, from the top down, takes full responsibility for protecting company and customer information. Making Trust and Security training a key part of the on-boarding process is a great way to get all employees on the same page. Following that up with regular programs, workshops and training to equip employees with the knowledge they need to uphold a culture of trust and security is also important.

The NDB is a catalyst for driving a cultural shift towards making trust a compass for businesses in Australia, and this is a positive step for organisations and their customers.

For more information on the Notifiable Data Breaches scheme, please visit this website: https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme


About the author

Dean Swan is an accomplished business leader who has spent his career helping companies translate technology into business advantage. Before joining Dropbox as director of enterprise, Dean spent ten years at Microsoft. He is recognised for building and scaling high performing teams.