Steven Klimt
Partner •
Sydney
Australia's mandatory notifiable data breaches scheme under the Privacy Act 1988 (Cth) is now in effect, with substantial penalties for non-compliance.
Organisations and Federal agencies subject to the Privacy Act must now provide notice as soon as practicable to the Office of the Australian Information Commissioner and affected individuals where there are reasonable grounds to believe that an "eligible data breach" has occurred (unless an exception applies). Relevantly:
The three key actions you need to take (if you haven't already) are:
Contact your nearest privacy law expert to help you ensure you're ready to comply with it.