New legislation makes it mandatory for Aussie businesses to report data breaches


TechLife Australia - HOTSPOT - [ SHARMISHTA SARKAR ]

After being debated for years, the Privacy Amendment (Notifiable Data Breaches) Bill 2016 has finally gone through the House of Representatives and has been passed by the Senate, making it legislation. All it needs is the royal sanction to become law.

The bill applies to organisations subject to the Privacy Act, so state governments, local councils and businesses with a turnover of less than $3 million a year are exempt. But other organisations in Australia will be legally obliged to inform the Australian Information Commissioner and affected individuals of any ‘eligible’ data breach.

Organisations will have to report breaches within 30 days, with notifications requiring a full description of the breach along with details on the kind of information accessed and how their customers are to deal with the incident. Failure to comply with the mandatory notification scheme will be “deemed to be an interference with the privacy of an individual” and will incur penalties including fines of up to $360,000 for individuals and $1.8 million for corporates.
