Office of the Australian Information Commissioner - Home

Australian Government - Office of the Australian Information Commissioner
Australian Government - Office of the Australian Information Commissioner

Main menu

What the Notifiable Data Breaches scheme means for schools

The Notifiable Data Breaches (NDB) scheme comes into effect on 22 February 2018, and private schools and private tertiary educational institutions across Australia will be required to comply.

This means that private schools or institutions will be required to notify students, staff, or any other individuals whose personal information is involved in a data breach that is likely to result in serious harm.

Schools may collect and store various types of personal information in both online and offline records — including photos of students, bank details, family information, contact details, and health information in the form of medical records or through counselling services.

In some instances, a data breach involving someone’s personal information may put them at risk of serious financial, psychological, emotional, or other harm.

It is important that those involved in managing personal information understand their obligations under the NDB scheme. A range of resources have been published on our NDB webpage. You can also view our recent webinar on Preparing for the Notifiable Data Breaches scheme by registering online.

Visit the NDB webpage