The Notifiable Data Breaches (NDB) scheme comes into effect today, requiring agencies and organisations in Australia that are covered by the Privacy Act to notify individuals whose personal information is involved in a data breach that is likely to result in “serious harm”, as soon as practicable after becoming aware of a breach.
Launching the new legislative direction on Thursday, Australia’s outgoing Information and Privacy Commissioner Timothy
Pilgrim said the NDB represents a significant boost to privacy governance in Australia. He said the requirements of the NDB scheme, however, are neither exceptional nor unexpected, noting rather that the scheme formalises a long-held expectation of consumers and the Australian community more broadly.
“Meeting privacy obligations and the expectations of the community continues to be essential. Only by demonstrating a commitment to privacy can organisations build and maintain people’s trust and a social licence for innovative uses of data,” he explained.
“The success of an organisation that handles personal information, or a project that handles personal information, depends on trust. People have to trust that their privacy is protected and be confident that personal information will be handled in line with their expectations.
“As a result, privacy today is really about transparency and accountability.”