The much anticipated Privacy Amendment (Notifiable Data Breaches) Bill 2016 passed in parliament on 13 February 2017.
The new law means that it is mandatory for you to notify the Office of the Australian Information Commissioner (OAIC) and the affected individuals if your organisation has a data breach.
Who do the changes apply to?
The new law applies to public and private organisations that are already subject to the Privacy Act – this includes Australian Government agencies (excluding state and local government) and all businesses and not-for-profit organisations with an annual turnover more than $3 million.
When will the new law come into effect?
The new law will come into effect within a year; however, we recommend that organisations start preparing now.
What happens if you don’t comply?
If your organisation doesn’t comply with the new law, you could face penalties including fines of up to $360,000 for individuals and $1.8 million for organisations.
These financial implications will require a systematic change of attitude for many organisations, and conversations around cyber risks and data security need to be elevated to boardroom level.
How can your organisation prepare?
We recommend that you act immediately – appoint a steering committee to address the new law changes, run a full risk assessment and consider your insurance coverage to ensure your organisation is prepared when the law comes into effect.
Aon can assist all VA members with their insurance needs to help with this requirement. Can you circulate this to all members so they are aware of the new requirements? If they have any queries, please do not hesitate to have them contact Jamie Quinn –