Strengthening data privacy

the obligation of organisations to notify affected individuals of data breaches

Niloufer Selvadurai, Nazzal Kisswani, Yaser Khalaileh

Research output: Contribution to journalArticle


The Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) introduced a new Part IIIC into the Privacy Act to strengthen the existing information privacy laws by requiring the designated organisations to notify the Information Commissioner and affected individuals of data breaches that are likely to cause serious harm. The objective of this article is to consider the proper public policy basis for data breach notification laws, the likely ambit of operation of the new provisions and the merits of the law in enhancing data security. Whilst the article focuses on the Australian legislative framework, the provisions European Union’s new General Data Protection Regulation 2016/679, 27 April 2016, will also be considered to extend the discussion of appropriate law in this area. The article will conclude by identifying continuing areas of concern and suggesting initiatives to further strengthen the data privacy of individuals.
Original languageEnglish
Pages (from-to)271-284
Number of pages14
JournalInternational Review of Law, Computers and Technology
Issue number3
Early online date25 Sep 2017
Publication statusPublished - 2019


  • notifiable data breaches
  • personal data
  • privacy

Fingerprint Dive into the research topics of 'Strengthening data privacy: the obligation of organisations to notify affected individuals of data breaches'. Together they form a unique fingerprint.

Cite this