Notifiable Data Breaches scheme

Small businesses should be aware of new Australian legislation (Privacy Act 1988 (Cth)) that will come into effect on 22 February 2018. For example, small businesses that trade in personal information will still be caught by the new legislation.

The Notifiable Data Breaches scheme introduces an obligation to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. The notification must also include recommendations about the steps individuals should take in response to the breach. The Australian Information Commissioner (AIC) must also be notified of such breaches.

An eligible data breach arises when the following three criteria are satisfied:
  1. there is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that the small business holds; and
  2. this is likely to result in serious harm to one or more individuals; and
  3. the small business has not been able to prevent the likely risk of serious harm with remedial action.
Small businesses should ensure they are ready to evaluate and deal with such a breach.

By Ian Cimino 
Principal Lawyer
Prompt Legal Services