The Privacy Amendment (Notifiable Data Breaches) Act 2017, also known as the Notifiable Data Breach (NDB) legislation, is an amendment to the Privacy Act 1988 that came into effect on February 22, 2018. The legislation is regulated by the Office of the Australian Information Commissioner (OAIC).
The NDB scheme requires organisations covered by the Australian Privacy Act 1988 (Privacy Act) to notify any individuals likely to be at risk of serious harm by a data breach.
- It affects a significant number of businesses, including all those that have turned over $3 million in revenue since 2001. It also captures a number of other businesses regardless of turnover, based on a number of different criteria
- Data breaches that cause serious harm to individuals are reportable
- In the event of non-compliance, the Office of the Australian Information Commissioner (OAIC) can:
  - Apply for civil penalty orders of up to $420,000 for individuals (such as directors and sole traders) and $2.1 million for organisations
  - Make organisations pay compensation for damages and issue a public apology