Australia will have a mandatory data breach notification scheme in place within the year, after several aborted attempts, following the passage of legislation through the Senate today.
The Labor and Liberal parties today united to pass the government's Privacy Amendment (Notifiable Data Breaches) Bill 2016 into law.
The passage came despite a last-ditch attempt by the Greens to amend the bill to shorten the period in which an organisation must notify of a breach from 30 days to three.
The party also attempted in vain to capture political parties and businesses with less than $3m turnover under the legislation.
The scheme applies only to government agencies and organisations governed by the Privacy Act, meaning state government organisations and local councils, plus organisations with a turnover of less than $3 million a year, fall outside the legislation.
The bill now needs only royal assent - a formality - before it becomes law.
The Liberal government had pledged to have a mandatory data breach notification scheme up and running before the end of 2015, but missed its own deadline to get the bill into parliament.
The bill slightly edited the language of a draft published the year prior, bending to industry calls to remove the requirement for notification if an organisation "ought to have been aware" a breach had occurred.