New requirements under the Privacy Act as of February 2018

(Note: ONLY applicable to organisations with an annual turnover of $3 Million)

The Privacy Act was amended in February 2017, with the changes due to take effect on February 22, 2018. The new law introduces a Notifiable Data Breaches (NDB) scheme that requires all organisations regulated by the Privacy Act (including OOSH services) to notify the Office of the Australian Information Commissioner (formerly known as the Privacy Commissioner) and affected individuals of any data breaches (i.e. data leaks) that are “likely” to result in “serious harm.”

Organisations that suspect an eligible data breach may have occurred must undertake a reasonable and expeditious assessment to determine if the data breach is likely to result in serious harm to any individual affected.

You can find out more about the Notifiable Data Breaches scheme, and the mandatory notification process:

www.oaic.gov.au/privacy-law/privacy-act/notifiable-data-breaches-scheme