Role of NDB Scheme
The Role of the Notifiable Data Breach (NDB) Scheme
The NBD is an Australian legislative scheme put forth to regulate data handling and use by organisations that collect and store personal data. The scheme which came into effect on February 2018 has been key in regulating the manner in which data holders use data (OAICc, 2019). It contains a set of regulations that guide the handling of data, which in return enhances cybersecurity accountability. Companies holding personal information have to comply with the regulations stated in the scheme. Under the scheme, companies are expected to report to the OAIC anytime they suffer a data breach. Additionally, the people whose information is at risk are accorded the right to get a notification to apply possible protective measures. The NDB scheme helps in enhancing the protection of the consumers following data breaches by enabling them to stay informed. The effectiveness of this scheme has, however, been hindered by the fact that it does not apply to all firms (Watts & Casanovas, 2018, p. 3). Applying it uniformly on all organisations would help manage many data breaches being perpetuated by the private sector.The Role of General Data Protection Rule (GDPR)
The GDPR is a law under the EU that provides for privacy and data protection for citizens under EU (OAICd, 2018). The law also covers the transfer of personal data outside the union. The main goal of the law is to empower citizens to gain control over their personal information as they are allowed an avenue to offer consent on the processing of their data. Organisations that do not comply with these provisions are subjects to penalties as all countries under the EU must meet the standards of GDPR. Under GDPR, consumers can sue an organisation for unconsented processing of data. All these provisions prompt organisations to act more carefully and responsible whenever handling personal data from their clients.
The events that precede data breaches are, in most cases, preventable. In the three cases discussed in this paper, the data breaches were predominantly as a result of ill-preparedness of the organisations as well as failure to upgrade to the latest and safest systems to disadvantage all attackers. The legislative bodies concerned with data privacy need not only to propose policies and implement them but also to set the standards of software that are allowed to be used in firms handling personal information.
References
OAICa, n.d. Consumer Data Right. [Online] Available at: https://www.oaic.gov.au/consumer/data-right/ [Accessed 8 August 2019].
OAICb, 2019. Notifiable Data Breaches Statistics Report: 1 January to 31 March 2019. [Online] Available at: https://www.oaic.gov.au/privacy/notifiable-data-breaches/notifiable-data–breaches-statistics/notifiable-data-breaches-quarterly-statistics-report-1-january-31–march-2019/ [Accessed 8 August 2019].
OAICc, 2019. Notifiable Data Breach (NDB) Scheme. [Online] Available at: https://www.oaic.gov.au/privacy/guidance-and-advice/data-breach-preparation-and–response/part-4-notifiable-data-breach-ndb-scheme/ [Accessed 8 August 2019].
OAICd, 2018. Australian entities and the EU General Data Protection Regulation (GDPR). [Online] Available at: https://www.oaic.gov.au/privacy/guidance-and-advice/australian–entities-and-the-eu-general-data-protection-regulation/#introduction [Accessed 8 August 2019].
Watts, D. & Casanovas, P., 2018. Privacy and Data Protection in Australia: a Critical overview,