Notifiable Data Breaches scheme
Starting 22 February 2018, organisations with obligations under the Australian Privacy Act 1988 will be required to comply with the Notifiable Data Breaches (NDB) scheme. The NDB scheme requires organisations to notify individuals affected by a data breach that is likely to result in serious harm. There is also the requirement to notify the Australian Information Commissioner, the head of the Office of the Australian Information Commissioner (OAIC). Where it is uncertain if a data breach is likely to result in serious harm, there is the obligation to conduct an assessment of the breach.