Privacy Amendment (Notifiable Data Breaches) Act 2017 and What This Means for Your Business

1 min read
Jump to...

The Australian Privacy Amendment (Notifiable Data Breaches) Act 2017 (Act) is the latest amendment to the Privacy Act 1988. The Australian Law Reform Commission first reviewed the concept and idea of data breach in 2008 . However, after lengthy delays and a 4-year passage through Parliament that started all the way back in 2013, the Act now brings Australia in line with other countries in the world that have long had mandatory data breach laws. But what does the amendment mean for you?

In summary, an eligible data breach means that there is unauthorised access to, unauthorised disclosure of, or loss of personal information held by an accountable organisation; and the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates. An organization or businesses with an annual turnover of $3,000,000 or more (and some small businesses) must give notification if it has reasonable grounds to believe that an eligible data breach has happened; or if it is directed by the Privacy Commissioner to do so.

The Notifiable Data Breach (NDB) Scheme only requires organisations to notify when there is a data breach (eg unauthorised access, unauthorised disclosure) that is likely to result in serious harm to any individual to whom the information relates. Exceptions to the NDB scheme will apply for some data breaches, meaning that notification to individuals or to the Commissioner may not be required.

Under the NDB Scheme, serious harm will be assessed as having regard to the kinds of information involved, its sensitivity, whether it was protected (including by encryption and access controls), and the kinds of persons who have obtained the information. The objective test will apply to assess reasonableness, meaning that what is reasonable is a question of fact in each individual case.

For more information on whether your business applies and what the relevant penalties may be, please contact Priority Business Lawyers to discuss and consider updating your Privacy Statement.

Loading

Loading

Last Updated on January 30, 2025
Picture of Authored By<br>Raea Khan
Authored By
Raea Khan

Director Lawyer, PBL Law Group

Jump to...

Book a 15-Min Consultation​

Rated 5-Star By Our Clients

Latest insights & Practical Guides

Speak to us Now or Request a Consultation.

We will call you within 24 hours.

How Can Our Expert Lawyers Help?

Strata Law

Property and strata disputes, building defects claims, setting up new Owners Corporations and more…

Construction & Building Law

Construction and building disputes, building defects, delays and claims, debt recovery and more…

International Estate Planning

Cross-border estate planning, international wills and trusts, tax-efficient wealth transfer strategies and more…

Commercial & Business Law

Starting and scaling your business, banking and business financing, bankruptcy and insolvency and more…

Planning & Environment Law

Environment and planning regulation, land and environment court disputes, sub-divisions and more…

Wills & Estates

Creating, updating and contesting wills, estate planning and administration, probate applications and more…

Thank You For Your Request.

We’ve received your consultation request and will contact you within the next 24 hours (excluding weekends).

Google 5-star review: Excellent