Private schools and private tertiary educational institutions across Australia are now required to comply with the Notifiable Data Breaches Act which came into effect on 22 February 2018.
In the regular delivery of educational services, schools obtain a range of personal information about students and families. This information is stored in online and offline records and includes photos of students, banking details, family information, contact details, and health information in the form of medical records or through counselling services.
Data contained in these records is valuable to school communities, but can prove even more valuable to individuals seeking to do harm to schools or individuals within.
There’s an average of 2.5 successful security breaches per company per year, costing organisations $3.2million on average.
$3.2million is the average cost to an organisation due to a malware attack and on average there are 2.5 successful security breaches per company each year.” Accenture, 2017
Schools have data breach notification obligations when a data breach is likely to result in serious harm to any individuals whose personal information is involved in the breach. This harm includes serious financial, psychological, emotional, or other harm.
Independent educational institutions need to consider their legal obligations under the Privacy Act 1988 and ensure secure handling of their school community’s data.
“Failures to comply with the Notifiable Data Breach scheme can attract fines up to $2.1million.” Office of the Australian Information Commissioner.
To assist schools, leading cybersecurity and learning enablement provider CyberHound commissioned global law firm Norton Rose Fulbright to develop a suite of education-specific resources. These include simple checklists and user-friendly guides for schools to help prevent, and prepare for, a data breach.
CyberHound is providing schools with a key element of this suite of documents – Privacy compliance manual for schools. This manual provides assistance in understanding obligations in relation to data protection and management including practical guidelines to assist schools comply with their obligations under the Privacy Act.
To discuss the full range of data breach resources and how CyberHound can assist you with risk mitigation, please call 07 3020 3330 or email firstname.lastname@example.org.