Eligible data breach (NDB scheme)

Under the Notifiable Data Breaches (NDB) scheme in Part IIIC of the Privacy Act 1988 (Cth), an eligible data breach is one likely to result in serious harm to any individual whose personal information was involved. Reporting entities must notify the OAIC and affected individuals as soon as practicable — generally read as within 72 hours of becoming aware. For FRT deployments, a breach of the biometric-template store typically meets the threshold automatically.

This term sits in the FRT & privacy section of the working glossary — vocabulary covering facial-recognition controls and the Privacy Act 1988 (Cth), including the Australian Privacy Principles and the Notifiable Data Breaches scheme.

• Privacy Act ADM reform & gaming venues — FRT, AML automation, automated decisions
• FRT vendor selection 101 for Australian gaming venues

• Facial Recognition Technology (FRT)

  Computer-vision systems that detect and match faces against a registered list. In NSW gaming, FRT is increasin…

• NSW voluntary FRT Code of Practice

  A voluntary code approved under s.48 of the Gaming Machines Act 2001 (NSW) covering FRT deployments in gaming …

• Politically Exposed Person (PEP)

  An individual in a prominent public function — and their close family and close associates. The AML/CTF Rules …

• Privacy Act ADM reform

  The automated-decision-making reform to the Privacy Act 1988 (Cth). Requires APP entities to update their priv…

• Australian Privacy Principle 1 (APP 1)

  Schedule 1, Part 1 of the Privacy Act 1988 (Cth) — open and transparent management of personal information. Re…

• Biometric data

  A sensitive-category personal-information class under the Privacy Act 1988 (Cth) covering facial geometry, fin…