Data breach disclosure, new guidelines to help Australian businesses

By

A data breach notification guideline to assist businesses and government agencies in the case of a significant data breach is currently in development, the Office of the Privacy Commissioner (OPC) has announced.

Data breach disclosure, new guidelines to help Australian businesses
The guide, a response to growing public sentiment surrounding the subject, will provide best practices and advice surrounding voluntary data breach disclosure.

“[The guide] is actually in response to requests, particularly from Commonwealth agencies but also from the private sector,” said Andrew Hayne, acting director of Policy at the OPC in his keynote speech at the SecurityPoint 2008 conference in Sydney today.

“It will explain when they should tell us about a notification and when they should go to the expense and trouble of telling consumers.”

The Australian Law Reform Commission (ALRC) is yet to announce its rulings regarding the Privacy Commissioner, Karen Curtis’s December 2007 submission urging a review of the Privacy Act.

Early indicators suggest that at the very least mandatory disclosure laws will soon be a reality in Australia, to what extent is a concern for Hayne.

“The ALRC has supported the idea of data breach notification requirement, however, in our Office’s view, it’s the detail of how such a requirement should neither impose an unreasonable burden on agencies and organisations nor result in unnecessary or alarmist notfications to individuals,” he said.

According to Hayne, a requirement to notify significant data breaches would also encourage organisations and agencies to take adequate steps in the first place to ensure information is secure.

Australian and ACT government agencies are compelled by the Privacy Act as well as those in the private sector with a turnover exceeding $3 million.

All health services, credit providers and Tax file number recipients are also obliged. SMBs are conditional.

These draft guidelines will be available for consultation in the near future.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?