NDB coming Feb 22nd... No, not NBN, NDB
Sorry, enough acronyms. The NDB (Notifiable Data Breaches) scheme comes into effect on 22 February 2018 and applies to most businesses with an annual turnover of AU$3 million or more, as well as to organisations that are already covered by the Privacy Act regardless of turnover (health service providers, for example).
In short: if personal information a business holds is accessed or disclosed without authorisation, or is lost in circumstances where such access or disclosure is likely (a stolen laptop, a hacked server, a misdirected email), and a reasonable person would conclude that this is likely to result in serious harm to any of the individuals concerned, the business must notify the affected individuals and the Australian Information Commissioner (the Privacy Commissioner). The test is objective: the scheme asks what a "reasonable person" would conclude, and "likely" should be read as more probable than not, not merely possible. An organisation that only suspects it has had an eligible breach must assess the situation promptly, within 30 days at most, and if it acts quickly enough that a reasonable person would no longer expect serious harm (for example, the lost device is recovered before anyone could read it), notification is not required. Failure to comply with the scheme is "deemed to be an interference with the privacy of an individual", which brings the Commissioner's investigation and enforcement powers into play, up to and including civil penalties for serious or repeated interferences.
What can you do?
As a first step, at the very least get familiar with what personal information you hold, where it is kept, who has access to it, and whether that access is logged; without that record you cannot work out what was exposed when something goes wrong, and so cannot make the "likely serious harm" assessment the scheme requires. Then talk to your IT team about how to secure it better and consider having vulnerability assessments or penetration tests run against your systems. Segment access to data kept internally so that one compromised account or host does not expose everything, enforce a strong password policy backed by multi-factor authentication on remote and administrative access, and consider geo-blocking to cut off remote access from countries you never expect legitimate users to connect from. Treat geo-blocking as a way to reduce noise rather than as a real barrier: an attacker can route through a VPN or a compromised Australian host just as easily, so it must sit alongside, not in place of, the access controls above.