SYSTEMology is an Australian-based company, and we follow local laws and regulations related to data breaches. This includes, but is not limited to:
- The Privacy Amendment (Notifiable Data Breaches) Act 2017, which established the Notifiable Data Breaches (NDB) scheme in Australia. Since 22 February 2018, the NDB scheme has required organisations covered by the Privacy Act 1988 to notify any individuals who are likely at risk of serious harm due to a data breach.
We take privacy very seriously, and protecting our clients and their data is one of our top priorities.
While we treat data and privacy protection with the highest importance, it’s worth noting that SYSTEMology and systemHUB have not experienced any breaches in over six years of operation. This policy is part of our proactive approach.
What Is a Data Breach?
A data breach happens when personal information is lost or accessed, used, modified, disclosed, or misused without authorisation. Personal information refers to details or opinions about someone who is identified or reasonably identifiable.
Examples of data breaches may include:
- Unauthorised access by a third party
- Accidental publication of personal data online
- Lost or stolen laptops or USB drives containing personal information
Which Data Breaches Are Notifiable?
Not all breaches require notification under the Act. That said, SYSTEMology and systemHUB aim to go above and beyond the legal requirements. We’ll always assess any breach quickly, take immediate action, and keep you informed if there’s a risk to your personal information.
Data Breach Response Plan
We believe in having clear systems and processes. Our response plan is designed to help SYSTEMology and systemHUB:
- Contain and assess breaches
- Respond in a timely manner
- Reduce harm to affected individuals
It outlines who to contact, what roles and responsibilities team members have, and the steps to follow if a breach occurs.
Data Breach Response Process
No two breaches are the same, so we treat each case individually. Our standard process includes four steps:
- Step 1: Contain the breach and perform an initial assessment
- Step 2: Evaluate the risks associated with the breach
- Step 3: Notify affected parties if required
- Step 4: Take steps to prevent future breaches
These steps may occur at the same time or one after another, depending on the situation. In some cases, not all steps are necessary. Our internal checklist helps guide the team in responding appropriately.
Evaluating the Risk of Serious Harm
When assessing whether a breach poses a serious risk to individuals, the response team considers:
- The type of personal information involved (especially if it’s sensitive)
- Whether any protections (like encryption) were in place
- The kind of harm that could result (e.g., identity theft, financial loss, distress)
- What steps have already been taken to reduce the risk
- How confident we are that the breach has been addressed effectively
We pride ourselves on being open and honest. If anything goes wrong, we’ll communicate clearly and quickly, keeping your best interests front and centre.
While we hope to never need this policy in practice, having it in place is a smart step forward for both SYSTEMology and systemHUB.