ALERT: Notifiable Data Breaches Scheme
8
ALERT
Just a reminder: from the 22 February 2018 the Notifiable Data Breaches Scheme becomes effective in Australia. The relevant Act applies to businesses with an annual turnover of $3 million or more, meaning practically all retailers. The scheme applies to “data breaches involving personal information that are likely to result in serious harm to any individual affected”. The phrase ‘likely to occur’ means the risk of serious harm to an individual is more probable than not (rather than possible). ‘Serious harm’ is not defined in the Privacy Act, but in the context of a data breach, serious harm to an individual may include serious physical, psychological, emotional, financial, or reputational harm. One of the consequences of this new scheme for retailers will be market damage, as the forced disclosure will expose data breaches previously wiped under the carpet…