- The Commonwealth Government amended the Privacy Act (Cth) 1988 (Privacy Act) which came into effective as at 22 February 2018 to introduce the Notifiable Data Breach scheme.
- The NDB scheme requires entities to notify individuals and the Office of the Australian Information Commissioner (OAIC) about eligible data breaches.
- A data breach is eligible as a notifiable data breach if it is likely to result in serious harm to any of the individuals to whom the information relates.
- Whether a data breach is likely to result in serious harm is an objective test based upon a reasonable person’s point of view in the position of the entity.
- An entity is exempt from reporting a data breach if an entity acts quickly to remediate the breach and because of this action the data breach is not likely to result in serious harm.
Review our Notifiable Data Breach brochure for more information on what to do in the event of a suspected breach.
More information on the scheme can be found on the website for the Office of the Australian Information Commissioner by visiting www.oaic.gov.au.
If you would like any guidance in relation to preparing for the NDB scheme please contact our Commercial Law team at Beck Legal on 5445 3333.
Written by Daniel Cole, Director at Beck Legal