Details of Australia's new data breach disclosure laws to be revealed

The final report outlining the amendments to Australia’s Privacy Act and possible new data breach disclosure laws will be released on August 11th.

Federal Cabinet Secretary John Faulkner, and Attorney-General Robert McClelland will officially launch the report, which is embargoed till the 11th, in a briefing in Sydney on the day.

The final report, the result of several draft papers by the Australian Law Reform Commission (ALRC) and stakeholder feedback was delivered to the Attorney-General on 30th May and followed up by tabling in federal Parliament.

According to the ALRC, the Commission was initially prompted to review the Privacy Act in January 2006 by the then Attorney-General in a move to examine the Act’s effectiveness, taking into consideration the advancements in digital technology as a factor.

Discussions surrounding mandatory data breach disclosure laws by business and government quickly became a focal point of the debate with both the Privacy Commissioner and analysts urging the inclusion of such a mandate.

Karen Curtis, the Australian Privacy Commissioner renewed calls for mandatory information breach disclosure laws on several occassions including in a 786-page submission to the ALRC in January.

Curtis said disclosing a major data breach would be proportional to the severity of the incident but will provide a strong incentive for organisations to secure their data.

Andrew Hayne, acting director of Policy at the OPC said in February that a requirement to notify significant data breaches would also encourage organisations and agencies to take adequate steps in the first place to ensure information is secure.

However, speaking at the SecurityPoint 2008 conference in Sydney he said the ALRC has supported the idea of data breach notification requirements. However, the details of how such a requirement should neither impose or be an unreasonable burden on agencies was a concern.

Gartner analyst, Andrew Walls, said he would at least like to see mandatory disclosure to government by business or any other organisation in the case of a breach, similar to that in Singapore.

“You don’t tell anyone else you tell the government,” said Walls. “That will allow the government to monitor and be aware of the level of breaches and failures in the country.

“We are not in a place to know that.”

“People like myself have been making noise for a long time saying that the privacy act as it stands is not even regulary enforced.”

Industry will require clear guidelines and organsations will want to have their legal right clear, added Walls.

The Australian Law Reform Commission President, Prof David Weisbrot AM and Commissioner in charge of the Inquiry, Prof Les McCrimmon will be present at the launch.

The ALRC said it is undable to comment on the specifics of the report until the report is released.