SYDNEY, Australia—Australia’s new data breach disclosure rules go into effect this month.
The mandatory data breach notification law underscores Australia’s recent efforts to lift its cyber security game both locally and internationally, bringing the country into line with other efforts, such as the European Union’s General Data Protection Regulation, Computer Weekly reported.
Under the Australian legislation, organizations with a turnover of more than A$3m, as well as Commonwealth government agencies, must notify the privacy commissioner and individuals affected by a data breach.
The new laws are enforceable from February 22 and civil penalties for not complying range up to A$360,000 for individuals and A$1.8m for corporate bodies, Computer Weekly reported.
The legislation has already raised awareness of the need for cyber risk insurance, which has become the fastest growing commercial segment of Australia’s insurance market, Computer Weekly noted.
The new rules are also set to change organizations’ attitudes towards how they report cyber attacks and what they regard as a cyber-attack, Computer Weekly said.