So I had heard whispers of requirements of businesses to report data breaches but honestly hadn't heard much of it until someone on OCAU posted a link and the requirements to report breaches from Feb 22 on wards. Initially I didn't think this really applied to us but the more I thought of it, it may actually. With an increasing mobile workforce the information stored on laptops, iPads and phones could potentially fall under the listed data, the site only lists some types of data so could cover much more than I thought of. Managers keeping resumes(addresses and phone numbers), information on their team members performance, Managers\HR and finance discussing team members health and payroll information. As this new requirement also covers external or internal user gaining unauthorised access, unauthorised disclosure and Loss it opens the discussion to data loss prevention buth internally and externally, laptop hard drive encryption and policies in place to comply with the Privacy act requirements. Has anyone else looked into the requirements and what are you doing to comply? Am I the only one learning of this now?