Recent Amendments to the Commonwealth Privacy Act

Data Breach

On 22 February 2018 the law changed by reason of the Privacy Amendment (Notifiable Data Breaches) Act 2017. This legislation details what needs to happen if and when a company suffers a loss of personal data to an outside attacker. Businesses can no longer ignore the problem; in fact, positive steps must be taken. Many small organisations are subjected to data hacking for malicious purposes. This hacking emanates from all over the world.

If a business experiences a data breach, it must notify the Office of the Australian Information Commissioner and all affected individuals. This could have a significant impact on the reputation and brand of the business and on confidence in its ability to keep private information private. The legislation introduces an obligation to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. The notification must include recommendations about the steps individuals should take in response to the breach. The legislation only applies to data breaches involving personal information that are likely to result in serious harm to any individual affected. There are a few exceptions, which relate to eligible data breaches of other entities, enforcement-related activities, etc.

For more information on how this may affect your business or clients that you act for, please refer to the attached link: www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme

Ben Farmer