Licensees should be aware of the new breach reporting provisions which commence on 1 October and how these changes affect your current policies and procedures.
Key points to be aware of include the following:
- The current ‘self-assessment’ of significance will remain for some types of breaches, however a broad range of breaches will be ‘deemed’ to be significant, and a reporting obligation will be automatically triggered.
- There will be more ‘reportable situations’, including an obligation to report to ASIC in relation to breach investigations that continue for 30 days or more.
- ASIC has an obligation to publish details of certain breach reports it has received, including the entities which lodged those reports.
We can assist with a review of your current policies and procedures. Contact partner Elliott Stumm or lawyer Jessica Fuller for more details.