Enterprise Computing Solutions ANZ


Australia's data breach laws: what you need to know 

What is the Notifiable Data Breaches (NDB) scheme?

The NDB scheme makes it mandatory for businesses to report eligible data breaches to the Office of the Australian Information Commissioner (OAIC) and to any individuals potentially affected by the data breach.

What makes a data breach eligible?

For a data breach to be eligible, it must meet the following three criteria:

  • There is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an entity holds,
  • This is likely to result in serious harm to one or more individuals, and
  • The entity has not been able to prevent the likely risk of serious harm with remedial action.

What is classified as 'serious harm'?

'Serious harm' could include physical, psychological, emotional, economic and financial harm, as well as harm to reputation.

Why was the law introduced?

The scheme was introduced to strengthen the privacy of personal data and to increase transparency in the way the public and private sectors respond to serious data breaches.

Who does it affect?

The scheme applies to Australian government agencies and businesses with an annual turnover of $3 million or more. This includes not-for-profits, credit reporting bodies, health service providers and TFN recipients, among others.

How can I prepare my customers?

When building a business case for strengthened data security, you can include the following messaging:

  • By implementing robust security practices, you can effectively demonstrate that you place your customers’ privacy above your business’s profits.
  • By having a contingency plan in place, you can reinforce your market status as a trusted business that cares about its customers.
  • By minimising the risk of a data breach with security solutions, you can avoid the need to notify customers and therefore avoid reputational damage if the issue were to escalate to the media.


Arrow takes data security seriously. Our long history in IT has allowed us to form relationships with some of the best names in the industry, and our security vendors are no exception.

To learn more about the new laws or to find out how we can help you become a trusted security advisor, submit your details and we'll be in touch. 

