Australia’s New Data Breach Amendment Law


Privacy has always been a crucial element of lead generation and consumer data. Without strict regulation surrounding data protection, the industry as a whole would have a large blind spot which could create many legal liabilities. Entities within the Australian lead generation industry and businesses that hold data in any form must implement strong data practices and comply with the Privacy Act 2017.

In this ever-growing and innovative industry of lead generation, the regulations have been tightened and shaped over time to better protect the consumer. Businesses have had to keep up and comply with each addition and change accordingly.

The new data breach amendments to Australia’s Privacy Act 1988 have been in full effect as of February 2018. The amendments, along with compliance with the original Privacy Act and the updated Privacy Act in effect as of 2017, introduced a data breach notification scheme that obligates all businesses and agencies regulated by the Privacy Act to comply with the notification process. As stated by the Office of the Australian Information Commissioner (OAIC), the amendment introduces an obligation to notify individuals whose personal information is involved in a data breach that is likely to result in serious harm. The OAIC, of course, would also be notified in the process.


So, what is ‘serious harm’ and how does it affect the individual user?

The new data breach amendment law creates another layer of protection for the user and gives a clear logistical plan if the user is at risk of harm because of a privacy breach. An accompanying explanatory memorandum clearly states that a data breach arises where there has been unauthorised access to, or unauthorised disclosure of, personal information about one or more individuals (the affected individuals), or where such information is lost in circumstances that are likely to give rise to unauthorised access or unauthorised disclosure.

It also explains that serious harm, in this context, could include serious physical, psychological, emotional, economic and financial harm, as well as serious harm to reputation and other forms of serious harm that a reasonable person in the entity’s position would identify as a possible outcome of the data breach.


How does the new regulation amendment affect the industry?

An entity must give notification if it has reasonable grounds to believe that an eligible data breach has occurred. The notification must outline the details, cause and the potential individuals affected by the breach. This is to protect the individual and to ensure that companies are following best practice when it comes to data protection. This amendment places a new level of accountability on any business that holds or collects data in any way. It also takes away the ability for a business to protect its reputation while putting a user at risk of serious harm.


So, in short, what is best practice?

EMBR will not just comply with the minimum requirement; we will do everything in our capability to conduct best practice surrounding every part of lead generation, especially user privacy. Lead generation is heavily focused on and driven by user information, so stewarding this is of the utmost importance. We do regular compliance checks to ensure that our systems and procedures are following industry and government standards.

This amendment and the original law do not just relate to the management and maintenance of an entity’s database; they also demand that all opt-in processes related to the business comply. After all, when dealing with the user’s privacy and safety, opt-in and data storage are one and the same. Clear opt-in and opt-out ability should be provided for all users going through any subscription process. Terms and Conditions and a Privacy Policy should be clearly laid out and accessible.

We offer consulting services around data protection, with lead generation not just being something we do, but the only thing we do – we are immersed in the industry and can relay clear practices and guidelines to adhere to when it comes to compliance with the Privacy Act.


EMBR is leading the way in lead generation verification and data protection. Complying with all government regulation surrounding data protection is our priority, as we know the importance of user privacy and protection. Without these foundational regulations, the industry would not be the innovative and expanding industry it is. The notifiable data breach amendments to the law create another standpoint for users to have full trust in complying entities and peace of mind that data protection is, to this day, still being innovated and kept at a high standard.

Contact us today for more information around our services or consultation around compliance and Australia’s New Data Breach Amendment Law.

