Bloomberg BNA reports:
Companies operating in Australia would be required to notify the data protection authority and affected individuals of data breaches under legislation introduced March 20 in the Senate.
The bill would require companies, organizations and government agencies to notify the Office of the Australian Information Commissioner (OAIC) and affected individuals of personal data breaches.
Read more on Bloomberg BNA. The duty to notify would only apply to “serious data breaches” where there is a “real risk of serious harm,” although there are exceptions, and Bloomberg notes:
The bill would also authorize the OAIC to issue regulations that would require notice for breaches of particularly sensitive data, such as health information, regardless of a showing of specific serious harm.