15 February 2017

Mandatory data breach reporting Bill enacted in Australia

This article was written by Charles Davies. 

The Privacy Amendment (Notifiable Data Breaches) Bill 2016 was passed by the Australian Parliament on 13 February 2017. The Bill is the third attempt by the Australian Parliament to introduce mandatory data breach notification laws into Australia. Our previous commentary on the content of this Bill is available here.

The Bill was supported by both major political parties in the form in which it was introduced to the House of Representatives on 19 October 2016. Senator Scott Ludlam of the Australian Greens proposed a number of amendments to the Bill, but those amendments were not adopted. The substantive provisions of the Bill will come into force on the earlier of a date to be fixed by proclamation or 12 months from the day it receives Royal Assent.

Amongst the political posturing by the major parties was a comment of interest on a different area of Australian privacy law reform. Senator Penny Wong indicated that the Australian Labor Party would not be supporting the Privacy Amendment (Re-identification Offence) Bill 2016. That Bill was announced by the Attorney-General on 28 September 2016, with the intention that, if enacted, it would apply to conduct that occurred on or after the announcement (rather than from the subsequent date on which the legislation is enacted). The re-identification Bill was introduced to the Senate on 12 October 2016.

Given the potential retroactive effect of the re-identification Bill, it would be prudent for organisations regulated by the Privacy Act 1988 (Cth) to act as if that Bill was in force, at least until its political fate in the Senate is clearer. We intend to provide insights into the detail of the re-identification Bill in a forthcoming publication.

Key contacts

Data Central

Have you checked out our new Data Hub? Data Central contains a range of resources to help our clients minimise the legal, regulatory and commercial risks this data-driven environment presents and ensure that its full value is being realised.

Share on LinkedIn Share on Facebook Share on Twitter
    You might also be interested in

    Now is the time to engage with the Consumer Data Right participant accreditation process if your organisation wants to be in a position to receive CDR data on behalf of CDR consumers.

    18 February 2020

    As at 18 December 2019, almost all entities in the ASX200 have held their AGMs. While voting results have generally been less dramatic than in 2018, entities continue to face intense scrutiny,...

    19 December 2019

    This alert summarises the most important differences between the existing listing rules of the Australian Securities Exchange (“ASX”) and the changes which will come into effect on 1 December 2019.

    16 December 2019

    This alert summarises the most important differences between the existing listing rules of the Australian Securities Exchange (“ASX”) and the changes which will come into effect on 1 December 2019.

    12 November 2019

    This site uses cookies to enhance your experience and to help us improve the site. Please see our Privacy Policy for further information. If you continue without changing your settings, we will assume that you are happy to receive these cookies. You can change your cookie settings at any time.

    For more information on which cookies we use then please refer to our Cookie Policy.