Notifiable Data Breaches scheme begins

Notifiable Data Breaches scheme begins operation

The Notifiable Data Breaches (NDB) scheme under Part IIIC of the Privacy Act has mandated how to respond to data breaches from 22 February.

Companies must notify a breach that is likely to result in serious harm to people whose personal information is involved.

When an entity experiences an eligible data breach, it must provide a statement to the commissioner, and notify individuals at risk of serious harm from the contents of the statement.

The NDB scheme applies to agencies and organisations that must take steps to secure certain types of personal information.  They include federal agencies, businesses and not-for-profit organisations with an annual turnover of $3 million or more, credit-reporting bodies, health-service providers, and tax-file-number recipients, among others.


Further information can be found at