New data breach notification laws come into effect this month.

The data breach laws set to come into force on February 22 require all businesses with an annual turnover of more than $3 million to alert the Australian Information Commissioner and all affected clients if they get hacked.

There is concern that the regime will put many Australian businesses on the wrong side of the law.

The Government says that once the legislation is in place, the privacy commissioner will be able to conduct investigations into data breaches.

Nigel Phair, director for internet safety at the University of Canberra, expects many Australian businesses to be caught out.

“When you look at the organisations I talk to, they all think: ‘Well, we won't get hacked so why would we put any investment or any effort into being prepared?’” he told the ABC.

Mr Phair said the $3 million turnover threshold may be too high.

“The bigger you get, there is generally a more preparedness to invest in cyber security measures,” he said.

“Unfortunately the smaller you get, they don't see the value proposition, and subsequently the reason to be prepared.

“Lots of little organisations still have personally identifying information, which if it lost, [had] stolen [or] abused, is a great threat to the average person out there.”
