The federal government intends to introduce new legislation that would force businesses to publicly admit to a data breach before the end of the year.
The Privacy Amendment (Notifiable Data Breaches) Bill is among a list of new legislation proposed for introduction in the spring session of parliament, which runs from August 30 to December 1.
The government published an exposure draft of the legislation last December. It would force an organisation to notify customers, the Privacy Commissioner and potentially the media if it believes a serious data breach has occured.
It gave industry until March this year to have input on the bill.
Despite Australia's businesses hitting back at the proposed new rules, the government pledged to push ahead with the bill's introduction in the 2016 winter sittings.
However, it missed its own deadline and failed to introduce the legislation into parliament before the July federal election.
It meant that for the second time in three years, Australia's businesses watched a data breach notifications bill be introduced into parliament but fail to be passed into law.
The former Labor government's data breach notifications legislation similarly ran out of time to be heard in the Senate in June 2013 before that year's federal election.
The Coalition had originally promised to have a data breach alerts scheme in operation before the end of 2015 following the recommendation of a joint committee investigating its data retention scheme, but failed to make its deadline.
Its bill outlines what the government considers to be a serious breach and the steps an organisation must take to address one.
The scheme applies only to organisations governed by the Privacy Act. State government organisations and local councils, plus organisations with a turnover less than $3 million a year, will fall outside the legislation.
The privacy commissioner would have the power to chase civil penalties for non-compliance, with individuals facing fines of $340,000 and organisations facing up to $1.7 million.
