Magazine article Information Management

Australia Passes Data Breach Notification Law

Magazine article Information Management

Australia Passes Data Breach Notification Law

Article excerpt

As reported in several outlets, after years of failed attempts the Australian legislature has passed the country's first mandatory data breach notification law. The law will apply only to companies with more than $2.3 million in annual revenue and will require covered entities to notify the Australian privacy commissioner and affected individuals of certain data breaches. Overseas companies are subject to the law when they hold information on behalf of a covered entity.

The law will apply only to what it defines as "eligible" breaches - those where a reasonable person would conclude there is a risk of "serious harm" to an affected individual after the unauthorized access or disclosure of personal information.

An explanatory memorandum accompanying the legislation explains that serious harm "could include serious physical, psychological, emotional, economic, and financial harm," while only being distressed is not enough to constitute an actionable breach. According to the law, notice is not required if the company takes action to stop serious harm before it occurs. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.