After a year where privacy remained firmly in the spotlight (including high-profile breaches at Equifax, Dominos and most recently Medicare), there is little likelihood that these issues are going to fade away any time soon.

In fact, for many privacy is currently top of mind as last-minute preparations are made for the introduction of the Federal Government's new mandatory breach notification laws that are set to commence next month.

While these changes do not apply to state and local government entities, most contractors and third parties that they deal with will have to comply. To be protected in the event of a breach of information by a supplier, now is a good time to get up-to-speed on the changes and ensure your contracts deal with their compliance.

Australia's new Notifiable Data Breach scheme

Key changes:

  • The new laws will require a potential breach incident to be assessed and for individuals affected to be notified about the breach within 30 days if there is suspicion of serious harm
  • Individuals affected must be advised about what steps they should take in response
  • If it is determined that a Notifiable Data Breach has occurred, this must be reported to the Australian Information Commissioner
  • Failure to notify will incur a fine.

Read more about the changes here.

Last minute checklist:

For those set to be directly impacted, there is still some time to refine key privacy procedures before the formal introduction of the new laws.

Key procedures include:

  • Devising structures to prevent breaches occurring in the first instance
  • Reviewing the contractual arrangements in place with suppliers and other service providers that may have access to, hold or use, personal information about their clients. Not only is it necessary to ensure that privacy compliance is dealt with as a contractual matter with an organisation's suppliers, but also that there are audit and operational provisions to ensure security
  • Being prepared in the event that your organisation is involved in a data breach – how will you respond and who are your key spokespeople? Being prepared and having an incident response plan can ensure the potentially significant costs are minimised.

We look forward to seeing what the year ahead will bring in the Data and Privacy space. Stay tuned for more updates and see here for a list of our recent news articles.

This publication does not deal with every important topic or change in law and is not intended to be relied upon as a substitute for legal or other advice that may be relevant to the reader's specific circumstances. If you have found this publication of interest and would like to know more or wish to obtain legal advice relevant to your circumstances please contact one of the named individuals listed.