22 February, 2017
New mandatory data breach notification obligations will come into effect under the Privacy Act from today, 22 February 2018.
In a nutshell, the new obligations will require all entities that are currently subject to the Privacy Act (i.e. APP entities and/or credit providers) to comply with the following when a data breach (involving personal or credit information) occurs:
- Take steps to mitigate the harm.
- Assess the breach, in particular, the likelihood of serious harm to affected individuals.
- If there is a likelihood of serious harm to individuals, notify the OAIC and the affected individuals.
These obligations will apply to any data breach that occurs on or after 22 February 2018. It is important to ensure that your Privacy Compliance Plan and Data Breach Response Plans have been updated to reflect the steps you need to follow to comply with the new obligations in the event that a data breach occurs. Our team have prepared some training videos about these new obligations and are happy to share this information, please get in touch with Julia for more information.