I can maybe just add, though, that in terms of the offences that are under the act, there are three new ones related to data breach. There's a real demand for compliance in this respect. New offences are related to failing to report the data breach to the commissioner as required, failing to notify an individual of the data breach as required, and failing to maintain the records. These are actually offences now, so there is a lot of incentive for firms to do what is required as soon as possible.
On February 5th, 2015. See this statement in context.