The Privacy Amendment (Notifiable Data Breaches) Act 2017 (Breach Notification Act) received Royal assent on 22 February. This means that private sector organisations and Commonwealth Government agencies will have breach reporting obligations that start on Thursday 22 February 2018 (unless the Government chooses to proclaim an earlier commencement). Data breaches which occurred before commencement will not be reportable.
HWL Ebsworth's Financial Services and Regulatory team acted for the consortium comprised of KKR, Varde Partners and Deutsche Bank in the AUD8.2 billion acquisition of GE Capital Finance Australasia Pty Ltd's Australian and New Zealand consumer lending business.
The Australian Securities and Investments Commission (ASIC) has obtained a significant judgment which it describes as a 'landmark case for the consumer credit regime', with a record penalty recently ordered by the Federal Court.
On 29 May 2013, the Privacy Amendment (Privacy Alerts) Bill 2013 (Privacy Alerts Bill) was introduced to the Federal Parliament. The Privacy Alerts Bill will amend the Privacy Act 1988 (Cth) (Privacy Act) to introduce mandatory data breach reporting obligations for entities regulated by the Privacy Act.
Australian business will soon have to comply with the largest reforms to the Privacy Act 1998 (Cth) (Privacy Act) in over a decade. The Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) was passed on 27 November 2012 and will commence on 12 March 2014. Affected businesses must be compliant by that date.
On 29 November 2012, the Privacy Amendment (Enhancing Privacy Protection) Bill 2012 (Privacy Bill) passed the Parliament and is currently awaiting Royal Assent. A number of amendments were made to the Privacy Bill following recommendations of the Senate Legal and Constitutional Affairs Legislation Committee.