Jurisdiction - Australia
Australia – New Laws To Be Introduced Requiring Data Breach Notification.

2 June, 2013


Legal News & Analysis – Asia Pacific – Australia – TMT


The Federal Attorney-General has just announced that new laws will be 
introduced in Parliament tomorrow to require businesses and government 
agencies to notify people when a data breach aff ecting their privacy occurs. 


Data breach notifications 

Data breaches can occur as a result of hacking, poor security and for other reasons, such as carelessness.


The new laws will alert consumers to breaches of their privacy so that they 
can change passwords and make other changes, such as improving their 
security settings. 


Data breaches will also be required to be notifi ed to the Offi ce of the 
Australian Information Commissioner (Commissioner). The Commissioner will be able to direct agencies and businesses to notify individuals of data breaches. 


The Commissioner will be able to seek civil penalties if there is a serious or repeated non-compliance with the notification requirements.

The announcement has been welcomed by the Australian Privacy Commissioner, Timothy Pilgrim saying that “mandatory data breach notification will also lead to a better public understanding of the scope and frequency of data breaches, and encourage greater privacy awareness”. 


The proposed laws are to commence on 12 March 2014 and will complement the other major privacy reforms that will commence in Australia in March next year (see summary here).


Currently, data breach notification is voluntary (see the OAIC’s Data breach notification: a guide to handling personal information security breaches here). 


These changes will potentially impose an increased compliance burden on businesses and government entities where there is a data breach However, the changes will bring Australia into line with overseas countries where such notification is already mandatory and should increase public confidence in how personal information is treated, particularly in view of recent high profile data breaches.



For further information, please contact:


Donna Short, Partner, Henry Davis York

[email protected]


Hazel McDwyer, Henry Davis York

[email protected]



Comments are closed.