December 2017 – All businesses covered by the Australian Privacy Principles (APP) will have new obligations, including an obligation to report breaches under the Notifiable Data Breaches Scheme (NDBS). The obligations arise in cases where an individual’s personal information is breached and the breach is likely to result in “serious harm”. An assessment of the breach must be completed within 30 days and, if a breach is confirmed, a statement must be provided to each individual whose information is breached. Further, a copy of the statement must be provided to the Office of the Australian Information Commissioner (OAIC).
Businesses should prepare or update their Data Breach Response Plan to ensure they are able to respond quickly to suspected data breaches and conduct an assessment as required under the NDBS. If a breach does occur, businesses will be able to notify the breach by completing a form on the website of the OAIC (https://www.oaic.gov.au/). There are significant penalties for a failure to comply with the APP, and all businesses should be aware of and plan for these changes.
30 December 2017