From 22 February 2018, data breach notification is mandatory in some cases – for example, where there’s a risk of serious harm.
The Notifiable Data Breaches scheme applies to entities covered by the Privacy Act 1988.
Entities covered by the scheme will need to notify people who they assess as being at risk of serious harm from a data breach. They must also report eligible data breaches to the Office of the Australian Information Commissioner.
Circumstances that might result in an eligible data breach include:
- a device that has someone’s personal information on it is lost or stolen
- a database containing personal information is hacked, or
- personal information is given to the wrong person by mistake
Relevant entities will need to quickly assess suspected data breaches to see if they’re likely to result in serious harm.
- For more information, see Notifiable data breaches on the Office of the Australian Information Commissioner website
- Read the Privacy Amendment (Notifiable Data Breaches) Act 2017