Three significant legal privacy reforms will commence over the course of 2018 in Australia.  The reforms are:

  1. Mandatory notifications of data breaches under the Privacy Act 1988 (Cth);
  2. The General Data Protection Regulation, a European Privacy Law with extraterritorial reach to Australia; and
  3. The Australian Government Agencies’ Privacy Code.

Notifiable data breaches under the Privacy Act will affect almost every organisation in Australia. This will include all Australian government agencies, almost all businesses and not-for-profit organisations with a turnover of more than $3M per annum, together with some smaller businesses such as health service providers and contracted service providers to the Commonwealth. Also affected are organisations with tax file numbers, credit providers and credit reporting bodies.

The amendments require notification of certain types of data breaches.  Notifiable data breaches are incidents that involve the loss of, or unauthorised access to or disclosure of, personal information that is likely to result in serious harm to one or more individuals.

If the data breach meets this threshold test, notification is required as soon as practicable to the Australian Privacy Commission and the affected individuals.  The legislation sets out the factors that impact whether a data breach is ‘likely to result in serious harm’; the timeframes in which an assessment must be carried out on a suspected breach; and what a notification must contain and how the notification must be made.

Based on an early engagement, William Roberts Lawyers can assist Boards and Management in navigating and complying with their legal obligations.

The General Data Protection Regulation
The General Data Protection Regulation regulates businesses based in the European Union and any organisation around the world that provides goods and services to, or monitors the behaviour of, people in the European Union, including the United Kingdom post Brexit.

One of the new principles in the General Data Protection Regulation is the accountability principle, which requires organisations to be proactive: if an organisation does not have an effective privacy compliance program, it can be found to be in breach of its data protection obligations even if there is no actual data breach.

William Roberts Lawyers can work actively with Boards and Management to document and audit an insured’s privacy compliance program.
