Australian Mandatory Data Breach Notification Requirements

In Australia, mandatory data breach notifications are made to the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breaches (NDB) scheme, which is set out in Part IIIC of the Privacy Act 1988 (Cth) and has applied since 22 February 2018.

Organisations covered by the Privacy Act are required to notify the OAIC of "eligible data breaches", as defined in the Act. A breach is eligible where there is unauthorised access to, unauthorised disclosure of, or loss of personal information held by the organisation, and a reasonable person would conclude that the access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates. A breach is not eligible if the organisation takes remedial action quickly enough that the likely risk of serious harm is removed (for example, recovering a lost device before its contents can be accessed).

The scheme also requires organisations to notify the affected individuals of eligible data breaches. Notifications must be made as soon as practicable after the organisation becomes aware that there are reasonable grounds to believe an eligible data breach has occurred. Where the organisation only suspects that an eligible breach may have occurred, it must carry out a reasonable and expeditious assessment and complete it within 30 days of forming that suspicion.

Organisations must also notify the OAIC of eligible data breaches. The OAIC may investigate eligible data breaches, and can take enforcement action if it finds that an organisation has breached the Privacy Act 1988.

Individuals can make a complaint to the OAIC if they believe an organisation has breached their privacy, including where their personal information has been subject to a data breach or the organisation has failed to notify them of one.

The OAIC provides guidance and resources on its website to help organisations prepare for and respond to data breaches, including guidance on preparing a data breach response plan and assessing whether a breach is eligible, and an online form for lodging a notification with the Commissioner.

The statement given to the OAIC, and the notification to affected individuals, must include:

  • The identity and contact details of the organisation
  • A description of the data breach
  • The kinds of personal information involved in the data breach
  • Recommendations about the steps individuals should take in response to the data breach

