Amendments to the Privacy Act 1988 (Cth) were passed in mid-February which introduce an obligation for Australian organisations covered by the Act to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) if they’ve had an ‘eligible data breach.’  The amendments will take effect on 22nd February 2018.

Source: Guidance Note: Data Breach Notification Obligations in Australia | Ringrose Siganto