The Notifiable Data Breaches (NDB) scheme comes into effect on 22 February 2018, and Christian schools along with other organisations with existing personal information security obligations under the Australian Privacy Act 1988 will be required to comply.
This means that affected schools will be required to notify students, staff, or any other individuals whose personal information is involved in a data breach that is likely to result in serious harm.
Schools collect and store various types of personal information in both online and offline records — including photos of students, bank details, family information, contact details, and health information in the form of medical records or through counselling services. In some instances, a data breach involving someone’s personal information may put them at risk of serious financial, psychological, emotional, or other harm – in which case a notifiable data breach has occurred.
It is important that those involved in managing personal information understand their obligations under the NDB scheme. A range of resources have been published by the Office of the Australian Information Commissioner (OAIC) on their website here. You can also view their recent webinar on Preparing for the Notifiable Data Breaches scheme by registering online.