An update from AON

The much anticipated Privacy Amendment (Notifiable Data Breaches) Bill 2016 passed in parliament on 13 February 2017.

The new law means that it is mandatory for you to notify the Office of the Australian Information Commissioner (OAIC) and the affected individuals if your organisation has a data breach.

Who do the changes apply to?

The new law applies to public and private organisations that are already subject to the Privacy Act - this includes Australian Government agencies (excluding state and local government) and all businesses and not-for-profit organisations with an annual turnover of more than $3 million.

When will the new law come into effect?

The new law will come into effect within a year; however, we recommend that organisations start preparing now.

What happens if you don't comply?

If your organisation doesn't comply with the new laws, you could face penalties including fines of up to $360,000 for individuals and $1.8 million for organisations.

These financial implications will require a systematic change of attitude for many organisations, and conversations around cyber risks and data security need to be elevated to boardroom level.

How can your organisation prepare?

We recommend that you act immediately - appoint a steering committee to address the new law changes, run a full risk assessment and consider your insurance coverage to ensure your organisation is prepared when the law comes into effect.

Aon can assist all NCOSS members with their insurance needs to help meet this requirement. Try Aon's Cyber Risk Diagnostic Tool today, a short, free tool to help you identify your cyber risk exposures, or contact Jamie Quinn on 02 8623 4234 or at jamie.quinn@aon.com