Privacy Breach Mandatory Notification Legislation

From 23rd February 2018, the Privacy Act 1998 has been amended to include the Mandatory Data Breach Notification Law.

This law will make it compulsory for all data breaches relating to personal data to be reported to the Australian Information Commissioner (OAIC).

Previously, businesses were only encouraged to report data breaches and weren’t legally bound to report/inform customers.

The new data breach law affects every organisation with an annual revenue over $3,000,000 and any smaller business (under $3,000,000) that handles personal information.

Businesses will have a 30-day timeframe from the time they become aware of the breach to assess whether an incident is an ‘eligible data breach’, and if so, report it to the OAIC.

Failure to act and report a breach will see fines and penalties up to $360,000 for individuals and $1,800,000 for organisations.

More information is available at the following link

Some key points for consideration:

  • Australia faced over 10 million cyber attacks in 2017 (Deloitte consulting Services Study)
  • 19% or 400,000 of 2.1 million Australian SMEs have had a cyber attack (Norton SMB Cybersecurity Survey)
  • SME – companies employing fewer than 20 staff, or turnover up to $5,000,000
  • 60% of Australian cyber attacks target SMEs (lack resources to invest in security)
  • Over one million new pieces of malware (i.e. a virus) are created every day


Call our office on 1300 797 830 or email to arrange a cyber insurance quote.


Conditions apply for each policy and the information expected from you for a policy to trigger. Coverage may differ based on specific clauses in individual policies. Please ask your broker to explain the additional benefits and exclusions pertaining to your policy.

The information provided is general advice only and does not take account of your personal circumstances or needs. Please refer to our financial services guide which contains details of our services and how we are remunerated.