New Privacy Legislation

The Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) comes into effect on 22 February 2018. The Office of the Australian Information Commissioner (OAIC) published draft resources to help organisations understand their compliance obligations from 22 February 2018.

The scheme requires entities to notify particular individuals and the OAIC about an "eligible data breach". Fines apply to individuals and corporations for a data breach.

This legislation will apply to all organisations that are subject to the Privacy Act, including private sector healthcare providers who collect, use and disclose health information.

Examples of unauthorised access to, unauthorised disclosure of – or loss of – personal information include:

  • malicious breach of security, e.g. cyber security incident
  • accidental loss of information technology equipment or hard copy documents
  • negligent and improper disclosure of information.

See the OAIC's general guide for responding to a personal information data breach.