iTnews
  • Home
  • News
  • Technology
  • Security

Data breach laws to follow privacy reforms

By Darren Pauli on Oct 4, 2011 1:22PM
Data breach laws to follow privacy reforms

Sooner if the scale and severity of breaches is proven.

Privacy Minister Brendan O'Connor has indicated that mandatory disclosure laws for data breaches in Australia could be enacted if the number and severity of breaches was shown to be on the rise.

The introduction of data breach notification laws has been on the cards since an Australian Law Reform Commission (ALRC) report in 2008.

Mandatory notification could require Australian businesses to publicly disclose instances of data loss where customer information had been compromised.

This could include instances where staff had lost laptops or USB sticks, or where data was stolen by hackers.

Notification has remained in a state of consultation for years; however, a spokesman for the Minister indicated they could soon be brought to bear.

Remember to sign up to our Security bulletin for the definitive summary and analysis of Infosec threats.

“If there is evidence that the problem [of data breaches] is growing, and companies are not protecting their customers’ private information appropriately, the government will consider bringing forward consideration of the ALRC's [data breach notification] recommendation,” the department spokesman said.

In the absence of such proof, mandatory disclosure would slipstream behind a series of proposed privacy reforms (pdf) unveiled by O'Connor last week.

The reforms aimed - among other things - to give individuals power to sue if their privacy was seriously compromised.

"Proposals for mandatory data breach notification rules [would be] considered by the Government once foundational reforms to the Privacy Act have been progressed," O'Connor's spokesman said.

The spokesman said the Government was “well advanced” in its consideration of the privacy reforms that proceed the data breach notification proposal.

Public consultation on the privacy reforms ends 3 November.

Admitting fault

There were no requirements in Australia for organisations or individuals to report data loss and no mandatory punishments for those that did.

The Government may find it difficult to encourage businesses to come forward and admit to data loss.

Sources polled for this article unanimously said that businesses were encouraged by lawyers and insurance companies not to report data losses.

Those who work to rectify and mitigate security breaches said the scale of data theft dwarfed that known by the government and reported in the media.

Visa had identified that some 40,000 small to medium sized businesses were at high risk of becoming victim to data breach and losing credit card data.

Fraud in these businesses was thought to be lower–value but very common, with almost all instances unreported to government or the media.

Government investigations into data breaches rose 27 percent last year.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:
alrcbreachdatahacklawslossmandatorynotificationprivacyreformssecurity

Partner Content

Accenture and Google Cloud team up to create a loveable, Australian-first, renewable energy product
Promoted Content Accenture and Google Cloud team up to create a loveable, Australian-first, renewable energy product
Avoiding CAPEX by making on-premise IT more cloud-like
Promoted Content Avoiding CAPEX by making on-premise IT more cloud-like
Security "mindset shift" needed to protect organisations
Promoted Content Security "mindset shift" needed to protect organisations
Security: Understanding the fundamentals of governance, risk & compliance
Promoted Content Security: Understanding the fundamentals of governance, risk & compliance

Sponsored Whitepapers

Extracting the value of data using Unified Observability
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership

Events

  • Micro Focus Information Management & Governance (IM&G) Forum 2022
  • CRN Channel Meets: CyberSecurity Live Event
  • IoT Insights: Secure By Design for manufacturing
  • Cyber Security for Government Summit
  • Forrester Technology & Innovation Asia Pacific 2022
By Darren Pauli
Oct 4 2011
1:22PM
0 Comments

Related Articles

  • Qld gov proposes mandatory data breach reporting for agencies
  • Law firm mulls class action over NDIS software provider data breach
  • India mandates data breach notification within six hours
  • T-Mobile says hackers stole about 7.8m postpaid customers' personal data
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Qantas calls time on IBM, Fujitsu in tech modernisation

Qantas calls time on IBM, Fujitsu in tech modernisation
Researchers hacked Oracle servers to demo serious vulnerability

Researchers hacked Oracle servers to demo serious vulnerability
PayTo rollout kicks off

PayTo rollout kicks off
Australian scientists build world's first quantum computer IC

Australian scientists build world's first quantum computer IC

Digital Nation

Integrity, ethics and board decisions in the digital age
Integrity, ethics and board decisions in the digital age
The security threat of quantum computing
The security threat of quantum computing
IBM global chief data officer on the rise of the number crunchers
IBM global chief data officer on the rise of the number crunchers
Crypto experts optimistic about future of Bitcoin: Block
Crypto experts optimistic about future of Bitcoin: Block
COVER STORY: Operationalising net zero through the power of IoT
COVER STORY: Operationalising net zero through the power of IoT
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.