Data breach law coming into effect

Date: 7 February 2018

The Privacy Amendment (Notifiable Data Breaches) Bill 2016 (the data breach law) has been passed by both Houses of Parliament and will come into effect on 22 February 2018.

The data breach law, which will apply to most community pharmacies, requires that the Australian Information Commissioner and the people affected by any ‘eligible data breach’ be notified.

The aim behind the law is to improve the privacy protection of Australians in the event of a data breach without creating an unreasonable regulatory burden for businesses.

Businesses that fail to report a breach will face fines of up to $360,000 for individuals and $1.8 million for organisations.

The Office of the Australian Information Commissioner (OAIC) states on its Eligible data breach webpage that an eligible data breach arises when the following three criteria are satisfied:

  1. There is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an entity holds;
  2. This is likely to result in serious harm to one or more individuals; and
  3. The entity has not been able to prevent the likely risk of serious harm with remedial action.

Further information is available on the Notifiable Data Breaches Scheme webpage.

The Guild will be providing further information to support members in their obligations under the Notifiable Data Breaches Scheme in coming weeks.

Page last updated on: 15 June 2021