What is changing?

Effective from 22 nd February 2018 amendments to Federal Privacy Act legislation will see mandatory data breach notification laws introduced to Australia for the first time. This will be known as the Notifiable Data Breaches Scheme (NDB) and will impact all organisations covered by the Australian Privacy Act 1988. The NDB scheme will strengthen the protections afforded to everyone’s personal information, improve transparency around breach reporting procedures and provide consumers and the community with confidence that their personal information is being respected and protected.

Who will this impact?

The laws impact directly any entity already captured under the Privacy Act including Government Agencies, not-for-profit organisations and all private health service providers. It also includes all businesses with turnovers greater than $3m.

What is the impact?

The NDB scheme requires organisations as outlined above, to notify any individuals likely to be at risk of serious harm by a data breach. A breach occurs when personal information held by an organisation is lost or subjected to unauthorised access or disclosure.

For example:
✓ A device containing your customers personal information is lost or stolen
✓ A database containing personal information is hacked
✓ Personal information is mistakenly provided to the wrong person.

Any such breach not only needs to be reported to the Office of Australian Information Commissioner (OAIC), but also every impacted individual also needs to be formally notified and details as to remedial action that will be taken. A significant data breach may result in significant costs to your organisation. Costs may range from business interruption, reputational damage, incidence response and legal costs. There is also the potential for large fines (including $360,000 for individuals and $1.8 Million for organisations) to be applied for noncompliance or breaches of these changes. These changes also bring to the fore an important risk exposure that impacts every business in Australia: Cyber.

Ways to protect your business

✓ Assess and manage potential risk exposure to Data Management and potential privacy breaches
✓ Establish data breach response plan
✓ At a minimum, seek protection by implementing Cyber Risk Cover to mitigate your exposure to both first and third party costs in dealing with a cyber-attack and/or data breach issue.


To ensure you have the best protection for your clients and your business, discuss coverage options with your trusted Insurance Advisernet Adviser today or visit insuranceadviser.net for more information.