CEO Scott & Broad Insurance Brokers
If you are a business with an annual turnover exceeding $3M, this will affect you.
Australia will have a mandatory data breach notification scheme in place within the year following the passage of legislation through the Senate in February of this year.
The Labor and Liberal parties united to pass the government's Privacy Amendment (Notifiable Data Breaches) Bill 2016 into law.
The newly-passed law means organisations that determine they have been breached or have lost data will need to report the incident to the Privacy Commissioner and notify affected customers as soon as they become aware of a breach.
The notification must include a description of the data breach, the kind of information involved, and how customers should respond to the security incident.
Those that fail to notify face penalties including fines of $360,000 for individuals and $1.8 million for organisations.
Organisations with a turnover of less than $3 million a year fall outside the legislation.
The legislation considers a serious breach to have occurred when there is unauthorised access to, or disclosure or loss of, customer information held by an entity, which generates a real risk of serious harm to the individuals involved.
Such information includes personal details, credit reporting information, credit eligibility information, and tax file number information.
It is now anticipated that the scheme will come into operation in February 2018.