AWS and the Australian Notifiable Data Breaches Scheme

Recent amendments to the Australian Privacy Act 1988 (Privacy Act) established the Notifiable Data Breaches (NDB) scheme in Australia, which went into effect February 22, 2018. The NDB scheme aims to give affected individuals the opportunity to take steps to protect their personal information following a data breach that is likely to result in serious harm. It also reinforces entities’ accountability for the personal information they hold.

We’re happy to announce AWS offers an Australian Notifiable Data Breaches (ANDB) Addendum to customers who are subject to the Privacy Act and are using AWS to store and process personal information covered by the NDB scheme. The ANDB Addendum addresses customers’ need for notification if a security event affects their data. We have made the ANDB Addendum available online as a click-through agreement in AWS Artifact, where customers can review and activate the ANDB Addendum for AWS accounts they use to store and process personal information covered by the NDB scheme.

We welcome the arrival of the NDB scheme, and hope it encourages Australian entities to raise the bar on their security capabilities. At AWS, we continually maintain a high bar for security across all of our AWS Regions around the world.