Anna Sharpe, Partner, Transactional intellectual property, Information technology and Data Protection lawyer, Swaab Attorneys;
Matthew Quick, Director - Management Consulting, KPMG and
Kelly Henney, National Lead, Privacy team, KPMG Event overview
The Australia-Israel Chamber of Commerce in partnership with KPMG and Swaab Attorneys is delighted to extend an invitation to you to join a complimentary workshop for AICC members to discover how compliant your business is with the new Mandatory Data Breach Notification legislation that came into effect on 22 February 2018, under the Notifiable Data Breaches (NDB) scheme.
Mandatory Data Breach Notification laws are here...are you and your business ready?
Since February 2018, for the first time in Australia, entities subject to the Privacy Act 1988 (Cth) (the Privacy Act) have a mandatory obligation to report what are called ‘eligible data breaches’ to both the Office of the Australian Information Commissioner (OAIC), and any individuals who may be potentially affected by a data breach.
The following are some of the questions that will be covered at our upcoming workshop to help you understand what the ramifications could be for your business.
What do the changes do? The changes introduce a mandatory data breach notification scheme into the Privacy Act. Under this scheme, it is mandatory for entities and agencies subject to the Privacy Act to notify individuals when a data breach occurs which is likely to result in serious harm to those individuals. The OAIC must also be notified of such data breaches.
Who do the changes apply to? The changes apply to Commonwealth government agencies and private sector organisations who are currently subject to the Australian Privacy Principles under the Privacy Act.This includes private sector organisations, including not-for-profits, with annual (group) turnover of more than $3 million. It also includes small businesses that may be earning $3 million or less where they are health service providers involved in trading in personal information, contractors that provide services under a Commonwealth contract or credit reporting bodies, amongst others.
The obligation to notify the OAIC and affected individuals as a result of the changes to the Privacy Act is triggered only in circumstances where a data breach constitutes an ‘eligible data breach’, examples of which will be discussed during the workshop.
This complimentary workshop for AICC members will help you understand the ramifications of these changes, who they apply to, and the likely consequences for your business.
Matthew Quick is a Director in KPMG's Management Consulting division, with over 16 years’ experience in the compliance, regulatory, privacy, risk, and IT audit fields. Prior to joining KPMG, Matthew was the Head of Compliance and Privacy at Telstra, Australia’s largest telecommunications provider, where he was responsible for designing and executing the Group Compliance Strategy.
Kelly Henney is the National Lead of KPMG’s Privacy team and has over 17 years’ experience across the corporate and legal sector and with ASIC in Government regulation. Kelly has been responsible for and project managed multiple high-profile litigations and Regulatory Taskforces and brings a wealth of experience managing complex regulatory investigations, process governance, conduct and culture.
Anna Sharpe, LL.M, ACIS, Swaab consultant, is a respected transactional intellectual property, information technology and data protection lawyer. She acts in transactions in which these areas of intangible assets play a key role and how they interact with privacy laws. Recent matters in which Anna has been instructed have included mandatory data breach scheme compliance, international trademark licences, alliance product launches, e-publishing agreements, cloud computing contracts, pay television program deals, database licensing arrangements and merchant acquirer transactions.