One step closer to Australian data breach class actions

The Privacy Amendment (Notifiable Data Breaches) Act 2016 (Cth), which received assent on 22 February 2017, proposes a number of amendments to the Privacy Act 1988 (Cth) that could act as a trigger for Australian class actions in the data breach space.

The proposed amendments, which are yet to be proclaimed, will require entities regulated by the Privacy Act to notify the Australian Information Commissioner and affected individuals of any “eligible data breach”.

In the US, notifications provided under equivalent legislation have tended to closely coincide with the filing of data breach class action complaints.1

Continue reading