On December 3 2015, the Attorney General released the exposure draft for a bill on notification for serious data breaches. A discussion paper, a draft explanatory memorandum and a draft regulatory impact statement were also released.
The legislation would affect all APP entities, as well as telecommunications service providers that are subject to the Data Retention obligations, to the extent that their activities relate to retained data. This will mainly include Federal Government agencies as well as most private sector organisations with an annual turnover of above AU$3 million. However, businesses not covered by the Privacy Act 1988, State and Territory government agencies and local councils will not be affected by the scheme.
Under the new legislation, the Australian Privacy Commissioner and affected individuals must be notified if there are reasonable grounds to believe that "a serious data breach" has occurred. A "serious data breach" occurs where credit reporting or eligibility information, tax file number information, or personal information is subject to unauthorised disclosure that creates a "real risk of serious harm" to affected individuals.
The exposure draft identifies some relevant matters that entities could take into account in determining whether there is a "real risk of serious harm" that gives rise to the duty of notification. These include the kind and sensitivity of the information concerned, as well as the nature of the harm and whether steps are being taken to mitigate it. As indicated in the discussion paper, it is also expected that the Privacy Commissioner will issue guidance material to help entities assess whether a real risk of serious harm existed.
Non-compliance may result in the Privacy Commissioner issuing a binding determination and, in instances of repeated non-compliance, civil penalty orders could be sought by the Privacy Commissioner from the Australian Federal Court.
Submissions on the draft legislation are open until 4 March 2016.
Australia - Consultation open on the Privacy Amendment (Notification of Serious Data Breaches) Bill