AIST supports the new breach reporting regime and welcomes greater transparency and accountability requirements. We suggest further enhancements to the guidance on what constitutes ‘core obligation’, ‘significance’, ‘material loss or damage’, and requirements relating to ‘investigations’ to provide greater clarity and assist licensees in meeting their new obligations.

AIST also points to the short implementation time given to licensees, noting ASIC’s intention to release final guidance three months prior to the obligations commencing.