Current as at 28 February 2017

The Privacy Amendment (Notifiable Data Breaches) Bill 2016 (the Bill) received Royal Assent on 22 February 2017. The resulting legislation, the Privacy Amendment (Notifiable Data Breaches) Act 2017, amends the Privacy Act 1988 (Privacy Act) to require entities covered by that Act to:

  • undertake an assessment process if they are aware that there are reasonable grounds to suspect there may have been an eligible data breach, but does not know if there are reasonable grounds to believe that there has been a breach; and
  • notify both the Office of the Australian Information Commissioner (OAIC) and affected individuals if they are aware that there are reasonable grounds to believe there has been an eligible data breach (after completing the above assessment or otherwise).

To request a full summary of the issues, email us a request at [email protected].


This document is designed to provide helpful general guidance on some key issues relevant to this topic. It should not be relied on as legal advice. It does not cover everything that may be relevant to you and does not take into account your particular circumstances. It is only current as at the date of release. You must ensure that you seek appropriate professional advice in relation to this topic as well as to the currency, accuracy and relevance of this material for you.

Liability limited by a scheme approved under Professional Standards Legislation. Legal practitioners of Radford Lawyers Pty Limited are members of the scheme.