Mandatory Data breach notification laws come into effect in 2 weeks, 22 February 2018

February 9, 2018

With the passage of the Privacy Amendment (Notifiable Data Breaches) Act 2017, Australia will have a mandatory data breach notification law. It comes into effect from 22 February 2018 (though some practitioners believe it comes into effect on 23 February).

In summary, the scheme as enacted in Part IIIC of the Privacy Act obliges organisations covered by the Privacy Act and agencies to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. A notification must include recommendations about the steps individuals should take in response to the breach. The Australian Information Commissioner must also be notified of eligible data breaches.

That is the starting point.

It is a complex piece of legislation which requires careful consideration of the exemptions and consideration of what may or may not constitute serious harm.
