We’re a small business. The Privacy Act and Notifiable Data Breach Scheme don’t apply to us.
Generally, businesses do not need to comply with the Privacy Act until their annual turnover reaches $3 million. However, some businesses are required to comply regardless of their size.
This includes businesses that:
- provide a health service (this captures almost all businesses in the health, well-being and medical space);
- provide services to the Commonwealth government; or
- are related to another organisation that has an annual turnover of more than $3 million.
If you are required to comply with the Privacy Act, you must also comply with the Notifiable Data Breach Scheme. This requires mandatory reporting of data breaches to the Privacy Commissioner and affected individuals.
Talk to our Privacy and Data Protection team to properly understand your obligations.
Disclaimer: This publication contains comments of a general nature only and is provided as an information service. It is not intended to be relied upon as, nor is it a substitute for, specific professional advice. No responsibility can be accepted by Rigby Cooke Lawyers or the authors for loss occasioned to any person doing anything as a result of any material in this publication.
Liability limited by a scheme approved under Professional Standards Legislation.
©2020 Rigby Cooke Lawyers