Australia - Mandatory data breach notification act passed by parliament

Australia - Mandatory data breach notification act passed by parliament's Tags

Tags related to this article

Australia - Mandatory data breach notification act passed by parliament

Published 11 abril 2017

On 13 February 2017, the Parliament of Australia passed the Privacy Amendment (Notifiable Data Breaches), amending the Privacy Act 1988.

This introduces a mandatory requirement for entities regulated under the Privacy Act 1998 to notify the Australian data protection authority (OAIC) and individuals affected by data breaches which are likely to result in serious harm, as a result of unauthorised access or disclosure or loss of information. Entities must assess whether there are reasonable grounds to believe a breach has occurred within 30 days of suspecting it has taken place.

The Bill has not received Royal Assent and no date has been fixed yet.

To the extent organisations process personal data in Australia, they should familiarise themselves with the new amendment, develop a response plan and ensure compliance with the notification scheme when it comes into effect.

A press release about the draft law can be found here.

< Back to articles