As noted in our blog post earlier this year, on 13 February 2017 the Senate passed the Privacy Amendment (Notifiable Data Breaches) Act 2017. It is expected that this Act will come into force on or around 22 February 2018.

As explained further in our recent ‘deep-dive’ into the new law, the Act introduces a new part into the existing Privacy Act 1988 (Cth). The Privacy Act confers a number of regulatory responsibilities and powers on the Office of the Australian Information Commissioner.

In connection with the above, the OAIC has released a suite of four draft resources for public comment. The four resources cover:

  • which entities are covered by the notifiable data breach scheme
  • the notification of individuals affected by an eligible data breach
  • identifying eligible data breaches
  • the role of the Australian Information Commissioner.

This is an area of law that is clearly of significant public interest. An earlier March 2016 public consultation on the draft bill by the Attorney-General’s Department attracted around 40 public submissions by a number of high-profile industry voices.

The draft OAIC resources remain open for public comment until 14 July 2017.