Because the potential breach occurred two years ago, Australia's
mandatory breach notification law doesn't apply.
The law, which came into effect in February, requires organizations to notify regulators and consumers within 30 days of breaches that have a likelihood of resulting in «serious harm» (see Australia Enacts
Mandatory Breach Notification Law).
Not exact matches
For the first time in EU
law,
notification of a privacy
breach is now
mandatory across the Union.
As we previously reported, the Digital Privacy Act, which amended Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) to include a
mandatory breach notification requirement, became
law nearly three years ago.
PIPEDA even lags behind the
laws of those few provinces that have their own private sector data protection statutes: Commissioners in Quebec, B.C. and Alberta have order making powers, and Alberta also has
mandatory data
breach notification requirements.
Mandatory data
breach reporting and
notification at the federal level was introduced with amendments to the federal private sector privacy
law — PIPEDA — enacted by the Digital Privacy Act.