Roxon raises mandatory data breach laws

Powered by SC Magazine
 

Law enforcement activities could be exempt.

Attorney-General Nicola Roxon has issued a discussion paper today on whether Australia should introduce a mandatory data breach regime.

Such laws would compel organisations to inform members of the public any time personal information about that customer falls into the wrong hands.

For Australian organisations today, the disclosure of such breaches is voluntary and subject to guidelines by the Federal Privacy Commissioner.

Roxon's discussion paper is the first step the Government has made towards a mandatory regime since the Australian Law Reform Commission recommended such a policy in 2008.

Roxon's discussion paper looks at how legislation might strengthen the protection of personal information as well as minimise damage when breaches occur.

The paper notes that there has been a 27 percent increase in data breaches reported to the Privacy Commissioner and mounting public concern over the impact of these breaches.

It notes that mandatory data breach notification schemes are in place or under consideration in the United States, the European Union, the United Kingdom and Ireland. 

The case for more regulation is found on giving the public a legal basis for “resecuring” their information following a data breach.

Such laws could act to improve data security, especially among companies where adverse publicity could have consequences for their share prices.

It would also provide better information to government and the public on the scope and frequency of data breaches, the paper argues.

Finally it suggests mandatory data breach notification may bolster public confidence that the Government is taking individual privacy rights seriously.  

The main issues

The paper canvasses questions such as

  • Should there be a mandatory data breach provision;
  • What constitutes a data breach and what should trigger a notification;
  • Who should be notified e.g. the Privacy Commissioner and/or affected consumers;
  • Who should decide on whether to notify;
  • What should be reported and by when;
  • What penalties might be appropriate for failing to notify;
  • Which organisations should be subject to such laws.

With half an eye on the issues involved in the Government’s current data retention proposals, the paper also raises the question of whether there should be an exemption for law enforcement activities.

In some cases, notification of a data breach by an agency could compromise its law enforcement activities, the paper states.

Submissions on the issues raised in this paper are sought by 23 November 2012. 

How do you feel about mandatory data breach notification laws? Have your say below...

Copyright © iTnews.com.au . All rights reserved.


Roxon raises mandatory data breach laws
Will Nicola Roxon finally introduce data breach notification laws?
 
 
 
Top Stories
Turnbull introduces data retention legislation
Still no definition of metadata to be stored.
 
Images: the next frontier in data analytics?
Barclay’s global data chief says we’re still at the starting line.
 
Crime Commission prepares core systems overhaul
Will replace 30 year-old national criminal database.
 
 
Will Nicola Roxon finally introduce data breach notification laws?
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  26%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  25%
TOTAL VOTES: 416

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  55%
 
No
  45%
TOTAL VOTES: 195

Vote