In October 2012, the Attorney General released a discussion paper into the potential for Australia to join a number of developed nations that have passed laws compelling companies to notify customers when customer records are leaked, lost or stolen.
Australia's Attorney General's Department has now had three months to look over these submissions and recommend a course of action.
SC Magazine editor Darren Pauli expects, based on interviews with senior stakeholders in the process, that it is a matter of when, not if, mandatory data breach notifications become a reality of doing business in Australia.
Such a scheme (or multiple schemes if the States also choose to act) will have a profound impact on the degree to which Australian organisations lock down their data and networks.
Chief information and security officers would be wise to make a case at board level for an audit of their current security posture and processes, with a view to closing any gaps before such measures are enacted.
SC Magazine and iTnews invite CIOs and security managers to meet over lunch on May 1 with Keith Price of Black Swan Consulting; Mark Vincent, partner at Shelston IP; and Gerry Tucker, country manager of Websense Australia, to learn about the ramifications:
- What legislative instrument(s) might be used for Australian Governments to mandate data breach notification?
- What is the model of notification scheme most likely to be adopted?
- What internal processes will need to accommodate such a scheme? Who within an organisation will ultimately be responsible or accountable for it?
- What are the first priorities for organisations to prepare for such a scheme?
Interested parties are welcome to register to attend.