March 2018 - i-Link Privacy Update
The Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act 1988 (Privacy Act) came into effect on the 22nd February 2018. This month we thought it would be worthwhile reiterating our current adherence to this as well as i-Link's obligations under the scheme....
Which data breaches require notification?
The NDB scheme only applies to data breaches involving personal information that are likely to result in serious harm to any individual affected. These are referred to as 'eligible data breaches'. There are a few exceptions which may mean notification is not required for certain eligible data breaches.
An eligible data breach arises when the following three criteria are satisfied:
1) There is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an entity holds.
2) This is likely to result in serious harm to one or more individuals; and
3) The entity has not been able to prevent the likely risk of serious harm with remedial action.
It is worthwhile reading the information provided via this link: https://www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme
How to avoid a data breach?
Client data (personally identifying data such as name, email address, phone number, customer numbers, etc.) supplied to i-Link for a project must be transmitted only via our client portal. This is the only way to securely transmit data.
If this is not possible, the client must encrypt the data file using a password of at least 8 alphanumeric characters, and the password must be transmitted by a method other than the one used to transfer the data file. For example, if a client emails us the data, then they should text or call us to provide the password. If we are emailed, this will be immediately deleted from our inboxes.
As per our current data retention policy, personally identifying data must be deleted within 45 days of a project closing from all servers & drives (including backups). Our client must confirm in writing if they need the data stored for more than 45 days.
This has always been the way we have operated as a company and it goes without saying that it will remain our policy moving forward.
If you would like any more information, please contact the i-Link sales team!