In early 2016, the Australian government invited submissions on
proposed legislation that would require
mandatory notification of a data breach to the Office of the
Australian Information Commissioner ("OAIC"). Currently,
data breach notification to the OAIC is voluntary except for
special circumstances, such as breaches involving medical records.
As proposed, the legislation would require notification in any
instance of a loss or misuse of personal information creating a
risk of serious harm to affected individuals.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.