In response to high-profile cases of data breaches both overseas and in Australia, the Notifiable Data Breaches Scheme came into effect on 22 February 2018, under the Privacy Act.

The scheme is designed to protect the privacy of personal data and to ensure that breaches are notified. Types of breaches include computer hacking, ransomware or inadvertently sending an email to the wrong recipient.

This legislation affects organisations and/or agencies with personal information security obligations, such as:

  • Australian Government agencies; 
  • Business and not-for-profit organisations with annual turnover of $3 million or more; 
  • Credit reporting bodies;
  • Health service providers; and
  • Tax file number recipients. 

This wide scope is likely to encompass most types of businesses.

Where there has been a breach of data that your organisation or agency holds, you must take the following steps: notify the person concerned, advise them of steps they can take, and notify the Australian Information Commissioner.

To be considered an ‘eligible data breach’ it must be determined that:

  • There has been unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an entity holds;
  • The access or disclosure is likely to result in serious harm to one or more individuals; and
  • The entity has not been able to prevent the likely risk of serious harm with remedial action.

In many cases, the breach can be remedied, such as where the data was encrypted, or where an email was inadvertently sent to a trusted recipient who has deleted it.

Should a data breach and consequent failure to report a data breach result in a reprimand, fines of up to $360,000 per individual and $1.8 million per organisation or entity can be issued. It is therefore important that, if you have any concerns about a potential data breach or the way in which it is being handled, you contact a lawyer for legal advice.

As always, the information provided is for your general information only and we ask you to call our office on 1800 650 656 to obtain detailed legal advice for your individual situation or to undertake our free business legal healthcheck.

Angus Edwards | Solicitor
