SYSTEMology is an Australian-based company and as such, we take on board a lot of the local rules and regulations around breaches, including but not limited to the following:

The Privacy Amendment (Notifiable Data Breaches) Act 2017 established a Notifiable Data Breaches (NDB) scheme in Australia. Commencing on 22 February 2019, the NDB scheme requires organisations covered by the Australian Privacy Act 1988 (the Act) to notify any individuals likely to be at risk of serious harm by a data breach. We take privacy extremely seriously and it is our utmost priority to keep our clients and clients' data safe.

While we see data and privacy protection as our highest priority, it’s worth noting that SYSTEMology and systemHUB have not had any breaches in its six-year history, and getting this data breach policy in place is us being proactive.

WHAT IS A DATA BREACH?

A data breach occurs when personal information is lost or subjected to unauthorised access, modification, use or disclosure or other misuses. Personal information is information or an opinion about an identified or reasonably identifiable individual. Data breaches may include a range of different things, e.g. unauthorised access by a third party, information accidentally being uploaded to a public website or a laptop or USB drive containing personal information being lost or stolen.

WHICH DATA BREACHES ARE NOTIFIABLE?

Under the act listed above, not all data breaches require notification. With that said, SYSTEMology and systemHUB go above and beyond what they’re required to do to keep you in the loop. Obviously, we want to make sure that we keep your personal information safe should anything happen. We’ll assess any data breaches and take the immediate response and keep you informed.

DATA BREACH RESPONSE PLAN

As you can imagine, we’re lovers of systems and processes, so we’ve put together a plan. This response plan is intended to enable systemHUB and SYSTEMology to contain, assess and respond to data breaches in a timely fashion and to help mitigate potential harm to affected individuals. It sets out contact details for the appropriate staff in the event of a data breach, clarifies the roles and responsibilities of staff, and documents processes to assist systemHUB and SYSTEMology to respond to a data breach.

DATA BREACH RESPONSE PROCESS

Clearly, all circumstances are unique and there are always different sets of variables with no case being exactly the same, so we need to deal with breaches if and when they occur on a case-by-case basis and we take the following four steps:

STEP 1: Contain the breach and do a preliminary assessment

STEP 2: Evaluate the risks associated with the breach

STEP 3: Notification

STEP 4: Prevent future breaches

The Response Team should ideally undertake steps 1, 2 and 3 either simultaneously or in quick succession. Refer to the detailed checklist at the end of this plan.

Depending on the breach, not all steps may be necessary, or some steps may be combined. In some cases, it may be appropriate to take additional steps that are specific to the nature of the breach. The checklist at the end of this plan is intended to guide the Response Team in the event of a data breach and alert the Response Team to a range of considerations when responding to a data breach.

EVALUATING A SERIOUS RISK OF HARM TO AN INDIVIDUAL OR COMPANY

In evaluating whether there is a serious risk of harm to an individual whose information is the subject of a data breach, the Response Team must consider:

We are straight shooters who pride our reputation and always act with our client's best interests at heart. We are committed to communicating with you in a timely manner should things arise and give you honest, straightforward information about where we’re at and what we need to do.

As mentioned above, it is clearly our goal to avoid all of these, but getting this document in place is the best course of action for SYSTEMology and systemHUB to get ahead of things.