Government agencies and organisations that fall under the Privacy Act (we're talking businesses with a turnover of more than $3 million a year) will need to, by law, notify both the privacy commissioner and affected individuals of 'eligible' data breaches.

That's right, the Privacy Amendment (Notifiable Data Breaches) Bill 2016, AKA Mandatory Data Breach Notification finally passed the senate yesterday, and will be in place within the next 12 months.