Privacy Amendment (Notifiable Data Breaches) Act 2017 and What This Means for Your Business

The Australian Privacy Amendment (Notifiable Data Breaches) Act 2017 (Act) is the latest amendment to the Privacy Act 1988. The Australian Law Reform Commission first reviewed the concept of data breach in 2008. However, after lengthy delays and a 4-year passage through Parliament that started back in 2013, the Act now brings Australia in line with other countries that have long had mandatory data breach laws. But what does the amendment mean for you?

In summary, an eligible data breach occurs when there is unauthorised access to, unauthorised disclosure of, or loss of personal information held by an accountable organisation, and the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates. An organisation or business with an annual turnover of $3,000,000 or more (and some small businesses) must give notification if it has reasonable grounds to believe that an eligible data breach has happened, or if it is directed by the Privacy Commissioner to do so.

The Notifiable Data Breach (NDB) Scheme only requires organisations to notify when there is a data breach (e.g. unauthorised access, unauthorised disclosure) that is likely to result in serious harm to any individual to whom the information relates. Exceptions to the NDB Scheme will apply for some data breaches, meaning that notification to individuals or to the Commissioner may not be required.

Under the NDB Scheme, serious harm will be assessed having regard to the kinds of information involved, its sensitivity, whether it was protected (including by encryption and access controls), and the kinds of persons who have obtained the information. An objective test will apply to assess reasonableness, meaning that what is reasonable is a question of fact in each individual case.

For more information on whether the Act applies to your business and what the relevant penalties may be, please contact Priority Business Lawyers to discuss and consider updating your Privacy Statement.



Authored by

Raea Khan

Director Lawyer


Raea is Managing Director and Principal Lawyer for PBL Law Group. Raea assists clients with major projects, property developments, construction and strata law.

He has worked in Western Australia and Queensland assisting with expansion projects in the energy and resource sector and now predominately advises clients in Strata and Community Association matters.

He is a member of the Australian College of Strata Lawyers, where the majority of his work is advising developers and owners corporations on dispute-related minor and major defects, strata governance and common property litigation. He is proficient at leading negotiations and meetings.

Raea has a particular interest in the commercial aspect of any dispute and always tries to weigh up the risk, reward and benefit of legal proceedings at each different stage.

Raea enjoys all forms of competitive sport, including CrossFit, and actively participates in triathlons, representing Australia as an age group athlete. He was a member of Red Head Surf Lifesaving Club.

  • Strata Law
  • Construction & Major Projects
  • Commercial and Business Law
  • Planning & Environment Law