On 13 February 2017 the Federal Parliament enacted the Privacy Amendment (Notifiable Data Breaches) Act 2017, inserting mandatory data breach notification requirements into the Privacy Act 1988. These provisions will replace the voluntary data breach notification guidelines as currently administered by the Privacy Commissioner and require entities subject to the Privacy Act to notify the Privacy Commissioner and affected individuals if the entity experiences a data breach of a kind covered by the Act. We review the new requirements below.