Australia will have a mandatory data breach notification scheme in place within the year, after several aborted attempts, following the passage of legislation through the Senate today.
The Labor and Liberal parties today united to pass the government's Privacy Amendment (Notifiable Data Breaches) Bill 2016 into law.
The passage came despite a last-ditch attempt by the Greens to amend the bill to shorten the period in which an organisation must notify of a breach from 30 days to three.
The party also attempted in vain to capture political parties and businesses with less than $3m turnover under the legislation.
The scheme applies only to government agencies and organisations governed by the Privacy Act, meaning state government organisations and local councils, plus organisations with a turnover of less than $3 million a year, fall outside the legislation.
The bill now needs only royal assent - a formality - before it becomes law.
The Liberal government had pledged to have a mandatory data breach notification scheme up and running before the end of 2015, but missed its own deadline to get the bill into parliament.
The bill slightly edited the language of a draft published the year prior, bending to industry calls to remove the requirement for notification if an organisation "ought to have been aware" a breach had occurred.