Let’s understand the Notifiable Data Breaches (NDB) scheme at its very basic layer!
Under the NDB scheme, any organisation or agency the Privacy Act (Rights and responsibilities — OAIC) covers must notify affected individuals and the Office of the Australian Information Commissioner (OAIC) when a data breach is likely to result in serious harm to an individual whose personal information is involved.
A data breach occurs when personal information an organisation or agency holds is lost or subjected to unauthorised access or disclosure. Personal information is any information on a person that can be used with malicious intention. This can be someone’s name, date of birth, and home address or even something as simple as someone’s photograph. It is not just bank details that classifies as a breach. For more information on what is classified as Personal Information according to the Australian Government, go to: What is personal information? — OAIC