Data Breach Investigation

Your Notifiable Data Breach Scheme Obligations

The Office of the Australian Information Commissioner (OAIC) requires Australian businesses to report data breaches under the Notifiable Data Breaches (NDB) Scheme.

The legislation requires organisations to advise the Information Commissioner in a statement when personal data is involved in a data breach even if the business’s turnover is less than $3 million. Individuals (e.g. clients or customers) at imminent risk of serious harm must also be notified promptly and directly.

Why a Security Breach Requires a Professional

If a data breach triggers the mandatory reporting obligation at your business, it is paramount to promptly assess the scope of the data breach before anyone is notified.

While any miscommunication or delays can diminish the trust in your brand, the professional management of the post-breach activities could minimise the reputation, privacy and financial impact your business may face.

A mismanaged data breach can lead to:

• the loss of your and your business’s reputation;

• the loss of your existing and future clients or customers;

• any unwanted media attention and social media rage;

• identity theft, phishing and online fraud;

• legal action against you from your clients for professional negligence and other lawsuits.

How We Can Help

Iron Bastion data breach experts can carry out the necessary digital forensics work to help you assess the scope of the data breach.

We can investigate what the root cause of the incident was and reconstruct the chain of events that lead to the data breach. Our communication experts can help your staff to draft public and internal statements.

Contact us now in confidence to put your business in good hands.