Significant amendments to the Privacy Act were made which will take effect on 23 February 2018.
Certain APP entities (those with a turnover of more than $3m), will be obligated to report actual and suspected data breaches. This duty to notify individuals whose personal information had been compromised is intended to give them the opportunity to take steps to minimise the harm arising from the breach.
A ‘breach’ includes for example, lost or stolen computer devices, hacking of databases or mistakenly providing information to the wrong person. As soon as practicable, the APP entity must provide a statement to the Privacy Commissioner containing certain information and notify the individual concerned. This will be compulsory but there are certain exceptions.
Disclaimer: The above summary is not legal advice. Employers should contact NECA Legal (WA) Pty Ltd to discuss these matters further on (08) 6241 6129 or email firstname.lastname@example.org