Preparing for the Mandatory Data Breach Notification

Preparation for the Mandatory Data Breach Notification must include:

      Have the three key elements in place:
        Governance measures:
        1. Business Continuity Plan
        2. Data Breach notification plan
        3. Risk management plan
        4. Cyber and privacy strategy
        IT measures:
        1. Antivirus, Intrusion Detection and Protection Systems
        2. Policies for access to the systems
        3. Backups
        Cyber insurance to mitigate the residual risk

      Knowledge and information about your data assets - document where they are:
        Software: what software systems do you use?
        Hardware: what hardware do you have and where?
        Do you keep the data "in the cloud" (i.e. on the systems of a storage provider)?
        What devices can access the systems (phones, tablets, etc.) and to whom do they belong?

      Vendor management:
        Have a list of all your vendors and their contact details that can be used in case of a breach
        Have a clause in the contract that specifies how they will cooperate with you if there is a breach

      Knowledge and information about your staff and their privileges to the systems used:

      Prepare a plan for the Data Breach notification which contains:
        Definition of what constitutes a data breach to assess its severity
        Appoint staff members who will be in charge of coordinating the execution of the Plan
        Know the steps to be taken in case of a breach
        1. Stop the breach
        2. Assess the breach - preliminary
        3. Notify the stakeholders - directors, owners, OAIC, CERT, insurers, banks, legal counsel, patients - using the prepared messages as guidance
        4. Contact the company that will undertake the forensics
        Prevent any further breaches
        Test the plan at least once a year

To discuss and find out more, please join us on Friday 23rd of February 2018 (when the Mandatory Data Breach Notification comes into effect). Please register by clicking on the link below:
Data Breach notification readiness Discussion