From February 22nd 2018, the Notifiable Data Breaches (NDB) scheme applies to organisations and agencies regulated by the Privacy Act 1988.
This will include businesses and not-for-profit organisations with an annual turnover of $3 million or more, credit reporting agencies and health service providers.
State government organisations, local councils and businesses with a turnover of less than $3 million a year will not be considered eligible and won't be bound by the new law.
What is an eligible data breach?
If there is unauthorised access to, unauthorised disclosure of, or loss of, personal information held by an entity.
The access, disclosure or loss is likely to result in serious harm to any of the individuals to whom the information relates.
Individuals will have to be notified if:
The entity has reasonable grounds to believe that an eligible data breach has happened.
It is directed to do so by the Commissioner.