Privacy Amendment (Notifiable Data Breaches) Bill 2016
On 13 February 2017, a Bill to amend the Privacy Act 1988 was passed by Federal Parliament. The amendment will become effective twelve months after the Bill is given Royal Assent, which is likely to be in the next few days. This change means that Australian legislation will come to reflect the position in similar jurisdictions, such as the UK, EU, USA, and Japan, where mandatory breach reporting has been a legislative requirement for many years.
Under the amendment, organisations will need to report to the Australian Information Commissioner incidents such as loss, interference or unauthorised disclosure of information that would be likely to result in serious harm to the individuals concerned.