The Office of the Australian Information Commissioner (OAIC) has set out new privacy laws from the 22nd of February 2018 which could impact you. The Notifiable Data Breaches Scheme is a new process that must be followed if a data breach occurs. TFN recipients are one of the entities that are covered by the Privacy Act and therefore must comply with this scheme. So if you have employees in your business then you are a TFN recipient as you would hold that personal information of your employees. If you are a complying entity (TFN recipient or other entity detailed in below link) then you must keep these records safe and secure and notify the affected individuals and the OAIC if a breach occurs. If you would like more information about this then please see the below link for businesses.

https://www.ato.gov.au/General/Online-services/Identity-security/Security-and-privacy/Data-breach-guidance-for-business/