# How Businesses Should Prepare for Australia's New Mandatory Data Breach Notification Laws

By [Sean Duca](https://www.paloaltonetworks.com/blog/author/sean-duca/?ts=markdown "Posts by Sean Duca"), Apr 18, 2017

Australia, like other countries, has not been immune to data breaches in which personal information has been exposed. The much-anticipated Privacy Amendment (Notifiable Data Breaches) Bill 2016, whereby organisations will be legally obliged to disclose data breaches, has been passed by the Australian Federal Government, and the laws will come into effect within the next 12 months.

The bill applies to all Australian government agencies, businesses, and not-for-profit organisations governed by the Privacy Act with an annual turnover of more than $3 million, with some exceptions. Some small business operators (organisations with a turnover of $3 million or less) are covered by the Privacy Act, including:

* Private sector health service providers. [Organisations providing a health service](https://www.oaic.gov.au/privacy-law/privacy-act/health-and-medical-research) include:
  * Traditional health service providers, such as private hospitals, day surgeries, medical practitioners, pharmacists and allied health professionals.
  * Complementary therapists, such as naturopaths and chiropractors.
  * Gyms and weight-loss clinics.
  * Child care centres, private schools and private tertiary educational institutions.
* Businesses that sell or purchase personal information; consumer credit reporting information, including credit reporting bodies, credit providers (which includes energy and water utilities and telecommunication providers) and tax file numbers; and certain other third parties.

Once the mandatory data breach notification scheme comes into force, organisations will need to report any 'eligible' data breaches to the [Australian Privacy and Information Commissioner](https://www.oaic.gov.au/), and notify customers that may have been affected as soon as possible.

The government classifies a data breach as an instance where there has been "unauthorised access to, or unauthorised disclosure of, personal information about one or more individuals (the affected individuals), or [where such information is lost in circumstances that are likely to give rise to unauthorised access or unauthorised disclosure](https://www.oaic.gov.au/agencies-and-organisations/guides/data-breach-notification-a-guide-to-handling-personal-information-security-breaches)". It qualifies as an "eligible data breach" when there is a likelihood that the individuals who are affected by the incident are at "risk of serious harm" because their information has been exposed.

When contacting the Australian Privacy and Information Commissioner about affected customers, businesses must include a description of the data breach, what kind of information has been compromised, and the steps that individuals can take to respond and protect themselves following the incident.

### What if I don't comply?

Failure to comply with the new notification scheme will be "deemed to be an interference with the privacy of an individual" and there will be consequences. A civil penalty for serious or repeated interferences with the privacy of an individual will only be issued by the Federal Court or Federal Circuit Court of Australia following an application by the Commissioner. [Serious or repeated interferences with the privacy of an individual attract a maximum penalty of $360,000 for individuals and $1,800,000 for bodies corporate.](http://www.austlii.edu.au/au/legis/cth/bill_em/padbb2016356/memo_0.html)

### What actions should I take now?

If your organisation has been lax with data security policies, this is a wake-up call that the government is taking data breaches more seriously.

Every organisation should begin to:

* Review your data collection practices and policies, internal data-handling, and data-breach policies to reflect the new requirements and ensure personal information is collected and stored only when needed.
* Audit how you are holding data and whether any sits with third parties (for example, in the cloud) on your organisation's behalf.
* Strengthen your cybersecurity defences. Visibility is key. This means reviewing your cybersecurity strategies and practices to ensure that steps are in place to avoid data breaches or you have outlined ways to reduce administrative errors, which could lead to a **breach**. For example:
  * Who has access to the data and do they need access to the data? Reducing or limiting access reduces the possibility of anyone inadvertently leaking the data or a cyber criminal getting access to data.
  * For sensitive data, think of how it could be shared. Is there the right governance in place to prevent someone from sharing or breaking a business process? Many times a process needs to be updated to ensure there is a balance between the risk and productivity.

Now is the time to sit down, have these conversations, and look at how you're protecting customer data and whether your security practices are adequate.

For organisations that have been reluctant to invest in information security practices, this legislation alone should not be the primary driver to protect your organisation and, ultimately, your customers' data. As a priority, every organisation should continually review its data security to ensure that no customer data is unwittingly compromised. You should look at using a risk-based methodology for managing privacy and not wait for the law to come into effect, as the time to act is now.