Data breach notification will become mandatory as of February 2018 for all Australian entities required to comply with the Privacy Act 1988. When Federal Parliament passed the Privacy Amendment (Notifiable Data Breaches) Act 2017 last year, it started a process that means from February 22, 2018, all entities covered by the Australian Privacy Principles will have clear obligations to report eligible data breaches within 30 days. If an eligible data breach is confirmed, entities must provide a statement to each of the individuals whose data was breached or who are at risk, and notify the Office of the Australian Information Commissioner (OAIC).