Australia's Data Breach Laws

'Privacy Alerts' bill to bring mandatory data breach notification into force.

Under the draft legislation, the Federal Government would consider a data breach to be serious if an organisation is delinquent in its requirements under the new Australian Privacy Principles to take reasonable steps to secure customer personal information.

The breached data, lost or stolen, would need to expose customers to a "real risk of serious harm" and potentially subject to unauthorised access or disclosure.

There would need to be a less than remote chance that breached data could be used to damage a customer's reputation and hip pocket.

Repeat and serious offenders face financial penalties of up to $340,000 for individuals or $1.7 million for organisations - a maximum penalty which was last month increased from $220,000 and $1.1 million respectively.,exposed-australias-data-breach-laws.aspx