(1) A person who
conducts a business or undertaking must ensure that the regulator is notified
immediately after becoming aware that a notifiable incident arising out of the
conduct of the business or undertaking has occurred.
Penalty for this subsection:
(a) for
an individual, a fine of $12 500;
(b) for
a body corporate, a fine of $55 000.
(2) The notice must be
given in accordance with this section and by the fastest possible means.
(3) The notice must be
given —
(a) by
telephone; or
(b) in
writing.
Note for this subsection:
The written notice can
be given by, for example, facsimile, email or other electronic means.
(4) A person giving
notice by telephone must —
(a) give
the details of the incident requested by the regulator; and
(b) if
required by the regulator, give a written notice of the incident within 48
hours of that requirement being made.
(5) A written notice
must be in a form, or contain the details, approved by the regulator.
(6) If the regulator
receives a notice by telephone and a written notice is not required, the
regulator must give the person conducting the business or undertaking —
(a)
details of the information received; or
(b) an
acknowledgment of receiving the notice.
(7) A person
conducting a business or undertaking must keep a record of each notifiable
incident for at least 5 years from the day that notice of the incident is
given to the regulator under this section.
Penalty for this subsection:
(a) for
an individual, a fine of $5 500;
(b) for
a body corporate, a fine of $30 000.