Commencement of the Notifiable Data Breaches Scheme
The Hon Christian Porter MP
Minister for Law Enforcement and Cyber Security
The Hon Angus Taylor MP
New rules around mandatory reporting of serious data breaches come into effect from today.
Through the Notifiable Data Breaches Scheme, the Australian Government is setting new standards of accountability and transparency to protect individuals' personal information.
Entities subject to the Privacy Act 1988 – including most Australian Government agencies, businesses with an annual turnover of more than $3 million, and specific categories of smaller businesses, such as health providers – are now required to notify individuals if their personal data has been involved in a serious breach.
Under the Scheme, individuals may be fined up to $420,000 for non-compliance, and corporations up to $2.1 million.
Data breaches that might increase the risk of serious harm include the release of sensitive information about an individual's health, Medicare card information, driver's licences, passport details, or financial information.
Attorney-General Christian Porter said the new Scheme sent a clear message that the Government was taking the security of personal information seriously.
"This means that Australians will know if their personal information has been breached and will be empowered to protect themselves, by being able to act quickly to minimise damage," Mr Porter said.
Minister for Law Enforcement and Cyber Security Angus Taylor said not knowing how to protect client or customer data was becoming a poor excuse.
"There is a lot of information now available on cyber security. The onus is with business operators, with organisations and with government agencies, to put measures in place to reduce the risk of data breaches," Mr Taylor said.
For more information on the Scheme, visit the Office of the Australian Information Commissioner's website.
If you believe you have been impacted by malicious cyber activity, contact the Australian Cyber Security Centre.