As we move further into a more technologically driven world, an ever-increasing danger arises for businesses. Gone are the days when every detail of every client was held within a sturdy metal filing cabinet to which only a select few people held the key. In this advanced technological era, huge amounts of client and customer information are at risk of being unlawfully (and unintentionally) disclosed by companies everywhere. The cause may be an unexpected cyberattack, or perhaps something as simple as accidentally sending an email containing sensitive information to an unintended recipient. Information can be unlawfully disclosed in an instant, thereby breaching the Privacy Act. However, it has never been a requirement for Australian organisations to disclose such a breach to the Privacy Commissioner or their clients. Instead, organisations were simply encouraged to undertake voluntary notification of data breaches.
Privacy Amendment (Notifiable Data Breaches) Bill
In February 2017, the Australian Senate voted to pass the mandatory data breach notification regime introduced in 2016. As of 22 February 2018, organisations will need to provide notification to the Privacy Commissioner and affected individuals about ‘eligible data breaches’. The notification regime will apply to any organisation subject to the Privacy Act (which will include many private sector entities, government agencies, credit reporting bodies, credit providers and tax file number recipients).