Data breach law has been a hot topic recently. On 19 October 2016, the Privacy Amendment (Notifiable Data Breaches) Bill 2016 was introduced to Parliament.
The new bill, if passed, will make it mandatory for businesses, to notify affected individuals and the OAIC where a data breach has occurred or where data has been lost where unauthorised access or disclosure is likely to occur.
For a data breach to fall within the meaning of the bill, the disclosure or unauthorised access of the data would lead a reasonable person to conclude that affected individuals would be likely to suffer serious harm from the access or disclosure of the data.
The new laws will place a time limit of 30 days (from the day suspicion of a breach developed) for a business to assess whether there are reasonable grounds to believe a data breach has occurred. After which the entity must prepare a statement including the businesses contact details, nature of the breach and steps for individuals to take in response, to be sent to both individuals and the OAIC.