Australian Government agencies and the various organisations required to secure personal information under the Privacy Act 1988 (Privacy Act) now have data breach notification and assessment obligations under the Notifiable Data Breaches (NDB) scheme.
As of 22 February 2018, these agencies and organisations are required to notify individuals affected by a data breach that is likely to result in serious harm.
They are also obligated to notify the OAIC.
We have published a range of guidance on the NDB scheme.
For information on how to comply with the requirements of the NDB scheme, view our resources for regulated entities.
We have also published a new guide titled Data breach preparation and response, which collates our previously published guidance on data breach notifications, developing a data breach response plan, and the NDB scheme. It’s a valuable resource for all staff involved in privacy compliance.
Guidance is also available for individuals to learn more about what to expect when receiving data breach notifications and what to do after a data breach notification.