New scheme helps protect personal information

5 February 2018

From 22 February 2018, data breach notification is mandatory in some cases – for example, where there’s a risk of serious harm.

The Notifiable Data Breaches scheme applies to entities covered by the Privacy Act 1988.

Entities covered by the scheme will need to notify people who they assess as being at risk of serious harm from a data breach. They must also report eligible data breaches to the Office of the Australian Information Commissioner.

Circumstances that might result in an eligible data breach include:

  • a device that has someone’s personal information on it is lost or stolen
  • a database containing personal information is hacked, or
  • personal information is given to the wrong person by mistake

Relevant entities will need to quickly assess suspected data breaches to see if they’re likely to result in serious harm.

Next steps

Read more News for health professionals

Page last updated: 5 February 2018