Practice Areas
Cybersecurity, Data Protection & Privacy
- Get free trial for practice areas as below
- Business
- Consumer
- Corporations
- Criminal
- Employment
- Family
- General Counsel
- Governance
- Immigration
- Intellectual Property
- Personal Injury NSW
- Personal Injury Qld
- Personal Injury Vic
- Personal Property Security
- Property
- Succession
- Work Health & Safety
- Tax
- Mergers & Acquisitions
- Banking & Finance
- Social Justice
- Cybersecurity, Data Protection & Privacy
- Insolvency
- Competition
LexisNexis Practical Guidance®
Straightforward guidance across a range of topics
- Mandatory data breach notification
- The data breach notification regime
Identifying whether the data breach notification regime applies to you
The mandatory data breach notification regime applies to the following bodies (s 26WE, the Act):
- • APP entities;
- • credit reporting bodies;
- • credit provider; and
- • file number recipients.
The regime will also apply to the above entities where they have disclosed information to an overseas recipient, or a body or person with no Australian link, as if they themselves held the information.
However, notification of a breach is not required under regime where that breach is required to be notified under the My Health Records Act 2012 (Cth).
See Identifying whether the data breach notification regime applies to you.
