February 22 is an important date for start-ups and small business owners: it is the date that the Privacy Amendment (Notifiable Data Breaches) Act 2017 comes into full effect.
Okay, so what does that mean for you and your business?
Basically, this Act applies to you if your business collects tax file numbers (TFNs) or provides a health service, where a health service is one that involves any of the following:
- assessing, maintaining or improving a person’s physical or psychological health; or
- where a person’s health cannot be maintained or improved – managing the person’s health;
- diagnosing or treating a person’s illness or disability; or
- recording a person’s health for the purposes of assessing, maintaining, improving or managing the person’s health;
- dispensing a prescription drug or medicine by a pharmacist.
This affects businesses such as:
- remedial massage therapists
- yoga teachers
- healers using any modality
- personal trainers
- any complementary or allied health or therapy service
- tax agents or accountants, or any service that requires you to collect tax file numbers.
What is a notifiable data breach?
1. unauthorised access to, or unauthorised disclosure of, personal information, or a loss of personal information, that a business holds;
2. that is likely to result in serious harm to someone; and
3. where the business has not been able to prevent the likely risk of serious harm with remedial action. (‘Serious harm’ can be psychological, emotional, physical, reputational, or other forms of harm.)
That is it in a nutshell. This is not individual advice: there are many elements of this amendment that do not apply to everyone, and whether they apply to you depends on your individual business.
Feel free to ask questions in the post comments or message me if you need to discuss any issues particular to your circumstances.