The Australian Federal Government has recently passed the Notifiable Data Breaches Bill 2016. This will introduce laws over the next twelve months which apply to businesses and nonprofits of $3M revenue, and also to Australian government agencies. Small businesses with less than $3M annual turnover but providing health services are also required to participate. Some of those small businesses affected include weight loss clinics, child care centers, chiropractors, gyms, hospitals, and pharmacists.
The penalties for noncompliance in promptly reporting suspected breaches to the Australian Privacy and Information Commissioner plus customers may result in penalties up to $350,000 for individuals and $1.8M for corporations.