Updated: The Federal Government has introduced mandatory data breach notification law into parliament in a move which could see the policy enforced by March next year.
The data breach notification policy would force organisations to notify the Federal Privacy Commissioner, affected consumers and, on occasion, the media when data breaches occur.
Responding to questions by SC in Canberra, Federal Attorney-General Mark Dreyfus said the laws would likely be in place by March next year when a suite of privacy reforms would also come into force.
"It is likely to be at the same time that these Privacy Alerts will come into force," Dreyfus said.
"It will be a very useful measure. It is a piece of legislation that will be welcomed by the whole community."
Earlier this month SC obtained the Exposure Draft Privacy Amendment (Privacy Alerts) Bill 2013, marked confidential, which revealed that organisations that failed to take 'reasonable steps' to secure data ahead of breaches could face civil penalties.
This could see organisations made liable for data breaches affecting outsource providers that do not take reasonable steps to secure their data.
Repeat and serious offenders face fines of up to $340,000 for individuals or $1.7 million for organisations - a maximum penalty which was last month increased from $220,000 and $1.1 million respectively.
Small-scale offenders could be taken to court and fined up to $34,000 for individuals, and $170,000 for organisations.
It was unclear whether the Federal Government would offer the industry a cooling-off period in which to comply with the laws.