Australia adopts law on mandatory data breach notification

The Privacy Amendment (Notifiable Data Breaches) Bill 2016 passed both Houses of Parliament on 13 February. Unless the Government fixes a date for commencement by Proclamation, the law will enter into force 12 months from the date the Bill receives Royal Assent.

Australia’s Privacy and Information Commissioner, Timothy Pilgrim said:
“I welcome the passage of the Privacy Amendment (Notifiable Data Breaches) Bill 2016, which establishes a mandatory data breach notification scheme in Australia.”

“This amendment will require government agencies and businesses covered by the Privacy Act to notify any individuals affected by a data breach that is likely to result in serious harm. My office will be advised of these breaches, and can determine if further action is required. The law also gives me the ability to direct an agency or business to notify individuals about a serious data breach.”

“My office will be working closely with agencies and businesses to help prepare for the scheme’s commencement. This will include providing additional guidance over the next 12 months.”

Read more about this topic in a future issue of PL&B International Report.