Date: 7 February 2018
The Privacy Amendment (Notifiable Data Breaches) Bill 2016 (the data breach law) has been passed by both Houses of Parliament and will come into effect on 22 February 2018.
The data breach law, which will apply to most community pharmacies, means the Australian Information Commissioner and people compromised by any ‘eligible data breach’ must be notified.
The aim behind the law is to improve the privacy protection of Australians in the event of a data breach without creating an unreasonable regulatory burden for businesses.
Businesses that fail to report a breach will face fines of up to $360,000 for individuals and $1.8 million for organisations.
The Office of the Australian Information Commission (OAIC) sets out on its Eligible data breach webpage that an eligible data breach arises when the following three criteria are satisfied:
Further information is available on the Notifiable Data Breaches Scheme webpage.
The Guild will be providing further information to support members in their obligations under the Notifiable Data Breaches Scheme in coming weeks.