Bird & Bird's guide to Australia's new data breach notification requirements seeks to summarise the key elements of the new law and assist organisations that are established, or conduct business, in Australia to understand and comply with their data breach notification obligations.

The data breach notification scheme is set out in Part IIIC of the Privacy Act 1988 (Cth), and commences on 22 February 2018. The new data breach regime requires any organisation which is bound by the Privacy Act to notify the Australian regulator (the Office of the Australian Information Commissioner, or OAIC) and affected individuals if it suffers an eligible data breach.  An eligible data breach, also known as a notifiable data breach, is a data breach that a reasonable person would believe is likely to result in serious harm to an individual, and triggers a number of notification requirements.  

Download the Bird & Bird guide to Australia's Notifiable Data Breach Act