During this year, Australia will require organisations to notify cyber-breaches to the Privacy Commissioner and to all affected parties. Penalties are $360,000 for individuals and $1.8 million for organisations for not notifying cyber-breaches. There are however many exceptions...

The new Privacy Amendment (Notifiable Data Breaches) Bill 2016  was passed Feb 13 2017 but will not apply immediately. The government has to nominate a starting date during the next 12 months.

The requirement to notify cyber breaches to the Privacy Commissioner and affected persons only applies to organizations for which the Privacy Act applies - not state government agencies,  local councils and organizations with an annual turnover of less than $3million.

Not all  cyber-breaches are notifiable. It depends on whether it is judged that it is likely the breach will likely result in serious harm to affected individuals.

Sanctions for non-compliance are graded from an apology and compensation to those affected to (eventually) implementation of financial penalties by the Privacy Commissioner for serious or repeated non-compliance.

Resources

http://parlinfo.aph.gov.au/parlInfo/download/legislation/ems/r5747_ems_ed12b5bb-d3b3-4a6a-9536-53bb459a00df/upload_pdf/6000003.pdf;fileType=application%2Fpdf

https://www.itnews.com.au/news/what-does-data-breach-notification-mean-for-you-451025

https://www.itnews.com.au/news/australia-finally-has-mandatory-data-breach-notification-450923?eid=3&edate=20170222&utm_source=20170222_PM&utm_medium=newsletter&utm_campaign=daily_newsletter

Privacy Amendment (Notifiable Data Breaches) Bill 2016