ADIA > News > News and media > Notifiable Data Breaches (NDB) Scheme

Notifiable Data Breaches (NDB) Scheme

Jan 19 2018


The Notifiable Data Breaches (NDB) scheme is an amendment to the existing Privacy Act. The NDB scheme introduces mandatory data breach notification obligations. The scheme will also toughen up privacy obligations by companies working with personal information with considerable fines (of up to $1.7 million) for a privacy breach.

As of 22 February 2018 this amendment will require organisations working under the Privacy Act 1998 (Cth) to notify any individuals likely to be at risk of serious harm by a data breach. The Office of the Australian Information Commissioner (OAIC) must also be notified.

Organisations should have a plan in place as they will need to be prepared to conduct quick assessments of suspected data breaches to determine if they are likely to result in serious harm.

We remind AMSRO members that working under our Privacy (Market and Social Research) Code offers members important risk mitigation (with AMSRO being the administrator of the code) plus professional and relevant privacy advice.

AMSRO’s Privacy Compliance Committee presented an exclusive and free member NDB webinar on Monday 29 January 2018 for all members – a copy of the presentation is available here.

AMSRO member resources:

Read AMSRO’s submissions to the OAIC NDB Scheme: