Oz: the Privacy Amendment (Notifiable Data Breaches) Bill 2016 (Cth) (Bill) was finally introduced into the Senate on 19th October 2016 and involves a few novelties:
- data breaches are not anymore identified with “serious” but merely “eligible”
- risk is not “real risk of serious harm” anymore, but “likely risk of serious harm”.
- regarding the notificaiton duty, companies are not subject anymore to having ” reasonably been aware of”
- an additional exception: data breaches will not be considered an eligible data breach anymore (and, therefore, notification’s duty won’t stand) if the remedial action could mean that there is no longer a likely risk of serious harm;
- amendments to the factors deemed relevant as to whether there is a likely risk of serious harm
- clarification as to when a notification must be given to affected individuals or on the entity’s website).