The Australian parliament passed the Privacy Amendment (Notifiable Data Breach) Act 2017 (NDB scheme) on 13 Feb 2017.

From the 22 February 2018, all entities covered by the Australian Privacy Principles (APPs) will have clear obligations to report eligible data breaches. The amendments are due to commence on 23 February 2018 so providers should be getting their businesses ready for the changes now.

All entities will be required to take all reasonable steps to ensure an assessment is completed within 30 days. If an eligible data breach is confirmed, as soon as practicable, they must provide a statement to each of the individuals whose data was breached or who are at risk, including details of the breach and recommendations of the steps individuals should take. A copy of the statement must also be provided to the Office of the Australian Information Commissioner (OAIC).

Many of our clients may have noticed some changes to the method of transferring important documents and files via our client portal, this is just one of the steps we have taken to ensure we are ready for the changes that are coming.

If you need any help or have any questions regarding the legislation changes and your obligations – or how this affects you as our client, please be in touch with us at Advivo on 07 3226 1800 or email us at You may also use our Contact Form for enquiries.