Mandatory rules to report serious data breaches to clients and customers take effect on Thursday, carrying massive fines for individuals and corporations.
Australian government agencies, businesses and health providers who fail to notify clients and customers that their personal information has been breached now face major fines.
Individuals will be fined up to $420,000 and corporations up to $2.1 million under mandatory reporting rules for serious data breaches which come into effect on Thursday.
"This means that Australians will know if their personal information has been breached and will be empowered to protect themselves by being able to act quickly to minimise damage," Attorney-General Christian Porter said.
Data breaches considered capable of increasing the risk of serious harm include the release of sensitive health information, Medicare card details, driver's licences, passport details or financial information.
Cyber Security Minister Angus Taylor said not knowing how to protect client or customer data was becoming a poor excuse.
"The onus is with business operators, with organisations and with government agencies, to put measures in place to reduce the risk of data breaches," Mr Taylor said.