Get In Touch


Sydney

Level 4, 107 Mount Street
North Sydney NSW 2060
Australia

   +61 2 9466 5222

  info@prolegis.com.au

Melbourne

Suite 5
197 Springvale Road
Nunawading VIC 3131
Australia

   +61 3 8672 2920

  info@prolegis.com.au

Privacy Law Update: Mandatory Data Breach Notifications to come into force by the end of 2017

March 2017 | Article | Mary Sheargold

The responsibilities placed on organisations, including charities and not-for-profits, to protect personal information continue to be a point of sharp focus for the Government, the Australian Charities and Not-for-profits Commission (ACNC) and the community.

Two recent developments are noteworthy in this area. First, the ACNC released new guidance regarding the way charities and not-for-profit organisations handle personal information received from donors and the general public in the course of their work. Second, new laws making it mandatory for organisations to report data breaches have been enacted and will come into effect sometime before the end of 2017.

In November last year, when we talked about the implications of a data breach at Red Cross Australia, we flagged the prospect of the Federal Government amending the Privacy Act 1988 (Cth) (Privacy Act) to introduce the new laws, and the likely introduction of mandatory obligations for organisations in a similar situation to report data breaches to the Australian Information Commissioner (AIC) (previously known as the Privacy Commissioner).

The changes mean that any organisation bound by the Australian Privacy Principles - that is, a federal government agency, or any organisation with an annual turnover in excess of $3 million (APP entity) - will be required to notify the AIC and comply with the requirements for reporting within 30 days of becoming aware of a suspected data breach. 

The breach notification must include:

(a) a description of the data breach that the organisation believes has occurred;

(b) details of the kinds of information that were disclosed as part of the breach (for example, names, phone numbers or email addresses); and

(c) recommendations about the steps that should be taken in response to the data breach.

Further, if an organisation has reason to believe that it is not the only organisation affected by the breach, then the report must also advise the AIC of the identity and contact details of the other organisations affected.

The new laws will also oblige an organisation to provide a copy of the statement it provided to the AIC to all individuals it believes may have been affected by the data breach.

Failure to comply with the obligations may result in significant penalties under the Privacy Act. These include fines of up to $360,000 for individuals and up to $1.8 million for organisations.

Our tips for getting your organisation ready are:

First, know whether your organisation is an APP entity.  

Second, review your policies and procedures. We suggest you do so in conjunction with the ACNC’s new guidelines, which encourage all charity and not-for-profit organisations to endeavour to comply with the obligations provided in the Australian Privacy Principles. As part of this, you should also consider what procedures you have that would help you prevent and identify a potential or actual data breach.

Third, are your policies and procedures known and followed by personnel? What practices could you introduce to help ensure you meet all your obligations under our privacy laws? What may you need to change to ensure you can comply with the requirement to notify the AIC on becoming aware of a potential or actual data breach within 30 days?

The ACNC guidance is available from their website. 

We can assist you to navigate this new landscape. Please contact us if you would like to have a privacy health check for your organisation, or if you have any questions regarding this new mandatory reporting regime.






Copyright © Prolegis Lawyers. All Rights Reserved.
