Data breach disclosure, new guidelines to help Australian businesses

By

A data breach notification guideline to assist businesses and government agencies in the case of a significant data breach is currently in development, the Office of the Privacy Commissioner (OPC) has announced.

Data breach disclosure, new guidelines to help Australian businesses
The guide, a response to growing public sentiment surrounding the subject, will provide best practices and advice surrounding voluntary data breach disclosure.

“[The guide] is actually in response to requests, particularly from Commonwealth agencies but also from the private sector,” said Andrew Hayne, acting director of Policy at the OPC in his keynote speech at the SecurityPoint 2008 conference in Sydney today.

“It will explain when they should tell us about a notification and when they should go to the expense and trouble of telling consumers.”

The Australian Law Reform Commission (ALRC) is yet to announce its rulings regarding the Privacy Commissioner, Karen Curtis’s December 2007 submission urging a review of the Privacy Act.

Early indicators suggest that at the very least mandatory disclosure laws will soon be a reality in Australia, to what extent is a concern for Hayne.

“The ALRC has supported the idea of data breach notification requirement, however, in our Office’s view, it’s the detail of how such a requirement should neither impose an unreasonable burden on agencies and organisations nor result in unnecessary or alarmist notfications to individuals,” he said.

According to Hayne, a requirement to notify significant data breaches would also encourage organisations and agencies to take adequate steps in the first place to ensure information is secure.

Australian and ACT government agencies are compelled by the Privacy Act as well as those in the private sector with a turnover exceeding $3 million.

All health services, credit providers and Tax file number recipients are also obliged. SMBs are conditional.

These draft guidelines will be available for consultation in the near future.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

Log In

  |  Forgot your password?