On February 22, 2018, the Privacy Amendment (Notifiable Data Breaches) Act 2017 comes into effect, requiring organisations covered by the Privacy Act 1988 to notify the Office of the Australian Information Commissioner (OAIC) and any affected individuals about data breaches that are likely to result in serious harm. Here’s what you need to know about this law and how it may affect your business.

Watch our Webinar with Sophos below


Am I affected?

The changes apply to the following organisations:

  • Companies and not-for-profits (NFPs) with annual turnover greater than $3M.
  • Private health service providers, child care centres, private schools, accountants, solicitors, businesses that sell personal information, credit reporting bodies and others who trade in personal information (regardless of annual turnover).
  • Commonwealth public sector agencies.

What is an Eligible Data Breach?

A breach is an Eligible Data Breach when both of the following are true:

  • there is unauthorised access to, unauthorised disclosure of, or loss of, personal information held by an entity; and
  • the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates.

If an entity only suspects that an eligible data breach has occurred, it must assess the suspected breach within 30 days. A breach does not need to be notified if the entity takes remedial action quickly enough that a reasonable person would conclude the access, disclosure or loss is no longer likely to result in serious harm.

A failure to notify an Eligible Data Breach is deemed to be an interference with the privacy of the affected individuals. The Commissioner may then issue a written direction requiring the entity to notify, and for serious or repeated interferences may seek civil penalties of up to $360,000 for individuals and $1.8M for companies.

Preventative Measures

The OAIC has published guidance on the reasonable steps an organisation should take. These include, but are not limited to:

  • performing Privacy Impact Assessments;
  • creating and maintaining privacy and security policies;
  • developing a data breach response plan, so that the 30-day assessment and any notification can be completed in time;
  • ensuring that IT software and security controls are comprehensive, kept up to date and monitored; and
  • obtaining insurance specific to cyber security risks.
First of all, let’s take a look at the main causes of data breaches today. This is how companies lost data in 2016: hacking or malware led the way at 57% of incidents, followed by unintended disclosure. Incidents caused by hacking or malware account for over 90% of all breached records. That is a staggering amount of data that could have been protected with better security.

Dynamic Business Technologies can complete an assessment of the current environment, and prepare a readiness plan that aligns with the requirements from the Office of the Australian Information Commissioner.

Register below to discuss how prepared you are for the Notifiable Data Breach legislation.