Why you should oppose a data breach notification law

By

Opinion: Data breach notification was a good idea - a decade ago.

Dear Attorney-General, please get on with it, and submit a Bill to create a privacy right of action.

Why you should oppose a data breach notification law

Added to that, we need criminal offences on the statute books for serious and/or repeated failures to implement security safeguards commensurate with the sensitivity of the data.

But all that mandatory data breach notification – raised in your Discussion Paper this week – does is expose the fact that organisations are culpably cavalier with sensitive data, and fail to implement well-understood security safeguards.

And, um, we know that already.

Privacy advocates and security specialists alike are opposed to mandatory data breach reporting. The reason is that it's being used as an excuse to hold off what is now clearly necessary.

Consider what it took for mandatory data breach notification to get to where it is today.

In 2003, California passed a Security Breach Notification Law, requiring that Californian consumers be notified when sensitive personal data about them is illegitimately obtained from a server or database.

A total of 34 states adopted similar laws by 2006, prompting Australia's Privacy Commissioner at the time to recommend such a law be passed in Australia.

By 2012, the Australian Law Reform Commission had studied the question for 2 years, the government had cogitated for 4 years, and, just this week, the Attorney-General took "decisive action" by releasing a Discussion Paper.

So it looks like we can expect a draft bill by 2014, assuming the Government is re-elected and the initiative doesn't get lost somewhere.

The bill will likely pass in 2015 and come in to force in 2016. But it won't be until 2019, perhaps, that the Privacy Commissioner is embarrassed into dropping its established practice of warning miscreants to actually impose sanctions.

Data breach notification was a good idea – a decade ago.

Roger Clarke is Principal of Xamax Consultancy Pty Ltd, a Visiting Professor in at UNSW and ANU, Chair of the Australian Privacy Foundation and a Director of the Internet Society of Australia.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
apfdatabreachprivacysecurity

Sponsored Whitepapers

Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra

Events

Most Read Articles

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul
CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'
Victoria's first government tech chief steps down

Victoria's first government tech chief steps down
WhatsApp banned on US House of Representatives devices

WhatsApp banned on US House of Representatives devices
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?