Emil Ford Lawyers

New Privacy Laws could be on the way

The Federal Attorney General’s Department has recently released an exposure draft, proposing amendments to the Privacy Act 1988 (CTH).

The Privacy Amendment (Notification of Serious Data Breaches) Bill 2015 proposes to introduce a mandatory reporting scheme for serious data breaches. According to the Bill, a serious data breach occurs if:

  1.  there is unauthorised access to, unauthorised disclosure of, or loss of, personal information (or certain other information) held by an entity; and
  2. as a result, there is a real risk of serious harm to any of the individuals to whom the information relates.

The Bill broadly defines harm to include physical, psychological, emotional, reputational, economic and financial harm. An organisation need not have actual awareness of a data breach, but is also bound if they “ought reasonably to be aware, that there are reasonable grounds to believe that there has been a serious data breach”.

If the Bill is passed, this mandatory reporting scheme will apply to all entities bound by the Privacy Act: essentially, any organisation with an annual turnover over $3 million. Organisations will need to update their privacy policies to ensure that they are prepared to respond to possible privacy breaches. Organisations could also face fines and penalties for failing to comply with this mandatory reporting scheme, especially given that actual knowledge of a breach is not required.

At this point, the Bill is still in the Exposure stage, with the Attorney-General’s Department calling for submissions from interested parties by 4 March 2016.

More information is available here: https://www.ag.gov.au/consultations/pages/serious-data-breach-notification.aspx.

Suite 4 Level 5
580 George Street
Sydney NSW 2000
Phone: +61 2 9267 9800
Fax: +61 2 9283 2553