Law Society Northern Territory; PublicationNT; E-Journals
This publication contains many links to external sites. These external sites may no longer be active.; Made available via the Publications (Legal Deposit) Act 2004 (NT).; Celebrating 50 years 1968 - 2018 Law Society NT
Law -- Northern Territory -- Periodicals.; Law Society of the Northern Territory -- Periodicals.
Issue no. 1
Cover story

2018: A year of significant changes to privacy law, affecting legal practices and clients

Snapshot

Two significant reforms to privacy law commence in 2018. Legal practitioners will need to consider the impact on clients, as well as on the operation of their own legal practices. The changes will affect all medium-large Australian businesses; some smaller businesses depending on the nature of their business; all Australian government agencies; and to a lesser extent state and territory agencies and small businesses in their capacity as employers. The changes include mandatory notification of data breaches, and the extension of European data protection law to Australia.

February

Notifiable data breaches

Who is affected

Commencing 22 February, amendments to Part IIIC of the Privacy Act 1988 (Cth) will affect almost every organisation in Australia in some way:

- All entities already required to comply with the 13 Australian Privacy Principles (APPs), which includes all Australian government agencies, almost all businesses and non-profits with a turnover of more than $3m pa, plus some smaller businesses such as health service providers and contracted service providers to the Commonwealth;
- All organisations which receive Tax File Numbers (TFNs) which will include bodies not regulated by the APPs, such as state and territory agencies and most small businesses, in their capacity as employers; and
- Credit providers and credit reporting bodies.

The key requirements

The amendments require notification of certain types of data breaches. Notifiable data breaches are incidents which involve the loss of, or unauthorised access to or disclosure of, personal information (or a TFN, or credit eligibility/reporting information) and which are likely to result in serious harm to one or more individuals.

When a data breach meets this threshold test, notification is required, as soon as practicable, to both the Australian Privacy Commissioner and the affected individuals. The Privacy Commissioner is part of the Office of the Australian Information Commissioner (OAIC). The legislation sets out the factors which impact on whether or not a data breach is likely to result in serious harm; the timeframes in which an assessment must be carried out on a suspected breach; what a notification must contain; and how a notification must be made. A failure to comply with the new notification requirements attracts a civil penalty of up to $2.1m.

The takeaway

There are two objectives driving the move towards mandatory notification of data breaches. The first is to fulfil a duty of care to the affected individuals, by letting them know that their personal information has been put at risk. The second is to create a sufficient financial disincentive, such as to prompt organisations into investing