Client Alert: Introduction of the notifiable data breaches scheme
On 22 February 2018 the Privacy Amendment (Notifiable Data Breaches) Act 2017 will come into effect. Prior to this legislation there was no statutory requirement in Australia, other than for eHealth data breaches, for businesses to notify either affected individuals or regulatory bodies of any data breach.
The Act introduces the Notifiable Data Breaches (“NDB”) scheme which establishes mandatory reporting protocols of all eligible data breaches for entities bound by the Australian Privacy Principles. These are any private sector and not-for-profit organisations with an annual turnover greater than $3million, and all Commonwealth Government and Australian Capital Territory Government agencies.