mandatory data breach notification

Privacy compliance will become even more important for all companies in Australia now that the mandatory data breach notification scheme has been enacted.

From 22 February 2018, certain data breaches (known as “eligible data breaches”) will need to be notified to the Australian Privacy Commissioner and affected individuals.  Previously, notification of data breaches was optional.

The Australian Federal Parliament commenced sitting on August 30, 2016, and the long-proposed mandatory data breach notification legislation is again on the newly-elected Coalition Government’s agenda. Currently, the Australian Privacy Act 1988 (Cth) does not require an organisation or agency to notify an individual of a data breach involving their personal information, but this looks likely to change soon.