Privacy Amendment (Notifiable Data Breaches) Bill 2016 passes both the House of Representatives and Senate in February 2017

Australia’s long-awaited data breach notification legislation has today been passed by the Senate. To date in Australia, it has not been mandatory to give notice about data breaches to individuals affected by the breach or to the Australian Information Commissioner. However, data breach reporting will now become mandatory as the Privacy Amendment (Notifiable Data Breaches) Bill 2016 (the Bill), which requires mandatory reporting in certain circumstances, was passed by the House of Representatives on 7 February 2017 and the Senate on 13 February 2017.

The Bill sets out when and how a data breach must be notified to both affected individuals and the Australian Information Commissioner. Further information on the requirements and obligations was contained in our 2016 Focus Paper, which also addressed the consequences of a failure to notify.

We will report back with the likely date the notification requirements will take effect.

It is important to note that this legislation will have significant practical implications for businesses with annual turnover in excess of $3 million. Cyber risk poses an unprecedented threat to Australian businesses. As we have previously reported, company directors are ‘on the hook’ for cyber security, and developing cyber resilience needs to be at the top of every business agenda.

Is your business not only resilient against data breaches but also prepared to handle one? Addisons, in conjunction with leading technology and crisis management experts, has developed a simple, holistic Cyber Health Check to help you take stock. Please don’t hesitate to contact us to explore how we can help your business to build cyber maturity and prepare for the implementation of this important new legislation.