On February 22, the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) ("Amendment Act") came into effect. Under the Amendment Act, entities regulated by the Privacy Act 1988 (Cth) must notify the Office of the Australian Information Commissioner and affected individuals if there has been an EDB. The Amendment discusses two types of EDBs: (i) when there has been unauthorized disclosure or access to personal information that would likely result in harm; and (ii) when unauthorized disclosure or access to personal information is likely to occur and would result in harm.
The following Jones Day lawyers contributed to this section: Adam Salter and Katharine Booth.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
