iTnews

Dreyfus backs mandatory data breach laws

By Allie Coyne on Apr 29, 2013 1:47PM
Dreyfus backs mandatory data breach laws

More talks on the cards.

Attorney-General Mark Dreyfus has backed plans to introduce a mandatory data breach notification scheme in Australia.

The scheme was recommended by the Australian Law Reform Commission in 2008. It will require companies to inform the public whenever customers' personal information is compromised.

Former Attorney-General Nicola Roxon introduced a discussion paper on the topic last October, seeking feedback on what should trigger notification, who should be notified and which organisations should be subject to the regime.

Dreyfus said today the Government would engage in a 'small amount' of further talks with key stakeholders before deciding whether to implement such a system.

Speaking today at the launch of the 2012 Privacy Awareness Week, Dreyfus said any government agencies and organisations suffering a data breach should provide timely advice to affected parties.

He said the growing amount of breaches reported in the media continued to raise community concerns about the need for a mandatory scheme. 

“If there continues to be under reporting of data breaches, or we continue to find out about them only through media reports, some would argue there is a strong case to move to a mandatory scheme,” he said.

Dreyfus cited a 2012 report by Canberra University's Centre for Internet Safety which found a majority of Australians supported data breach notifications.

"I believe government agencies or companies that suffer a data breach should provide timely advice to those who have or could have had their privacy infringed, and that seems to be the view of many Australians."

He highlighted recent breaches at the likes of the ABC, Telstra, Medvet and Sony Playstation as cases for a mandatory scheme.

“While I am an optimist, I do not anticipate we have yet seen the end of these types of breaches. A mandatory notification requirements may also act as an incentive for holders of information to secure it," he said.

“The Government is carefully considering what has emerged from consultation and we’ll engage in a little bit more consultation before deciding which option we’re going to pursue.”

He did not give a timeframe for any potential legislative changes. The Attorney General's department has been contacted for further comment.

Privacy Commissioner Timothy Pilgrim also called for mandatory notification, warning that attacks like those leading to the recent arrest of Sydney-based alleged LulzSec hacker Matthew Flannery would continue, putting Australians' personal information at risk.

“In 2011/12, the OAIC [Office of the Australian Information Commissioner] received 1357 privacy complaints; that was an increase of 11 percent on the previous year," he said.

"Not surprisingly, data security was one of the top four reasons for most complaints against the private sector, and featured prominently in the majority of our own investigations."

In its response to Roxon's October 2012 discussion paper, the OAIC stated that Australia's existing voluntary data breach notification arrangements were insufficient.

The OAIC recommended:

  • that notification occur when a breach gives rise to a ‘real risk of serious harm’ to an individual;
  • that a ‘catch-all’ test should apply to a range of circumstances; and
  • that a notification should include the type of personal information involved in the breach, the context of the information and the breach, and the case and extent of the breach and the risk of harm.

It also suggested the notification should include an incident description and the organisation’s response to the breach.

Pilgrim said the OAIC should have the power to compel notification and impose civil penalties on those who fail to comply.

Privacy reforms

The new Privacy Act 2012 will come into effect in March 2014. Changes to the 24-year-old Act include 13 new privacy principles which cover both private and public sectors, called Australian Privacy Principles (APPs).

The APPs replace the existing Information Privacy Principles (IPPs) for the public sector and National Privacy Principles (NPPs) which apply to the private sector.

Additionally, the Privacy Commissioner will benefit from increased powers including the ability to accept enforceable undertakings; seek civil penalties; and conduct performance assessments of privacy performance for government agencies and businesses.

Credit reporting laws will also change under the new Act. New features include: more comprehensive reporting; a simplified complaints process; prohibition on reporting of credit information about children and defaults less than $150; specific rules dealing with pre-screening of credit offers and an individual’s ability to freeze access to credit-related personal information in cases of suspected identity theft/ fraud; and civil penalties for breaches of certain provisions.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
data breach dreyfus attorney hacking mandatory data breach notification pilgrim mark privacy commissioner security timothy

Partner Content

"Move away from linear thinking", futurologist advises business leaders
Promoted Content "Move away from linear thinking", futurologist advises business leaders
A 360° view of the cost of data breaches in Australia and how to mitigate them
Promoted Content A 360° view of the cost of data breaches in Australia and how to mitigate them
Deadline to enter 2021 IoT Awards extended
Partner Content Deadline to enter 2021 IoT Awards extended
Why efficient data sharing is vital for effective emergency management
Promoted Content Why efficient data sharing is vital for effective emergency management

Sponsored Whitepapers

10 questions to ask before you select a Network Performance Management tool
10 questions to ask before you select a Network Performance Management tool
Innovate faster. Why accelerating change is a CIO's biggest challenge.
Innovate faster. Why accelerating change is a CIO's biggest challenge.
Unlock faster time-to-revenue using Adobe digital document processes
Unlock faster time-to-revenue using Adobe digital document processes
How Security as Code changes development and deployment for the cloud
How Security as Code changes development and deployment for the cloud
Tackle new ITSM priorities with this seven-step Micro Focus guide
Tackle new ITSM priorities with this seven-step Micro Focus guide

Events

  • SAP e'ffect 2021
By Allie Coyne
Apr 29 2013
1:47PM
0 Comments

Related Articles

  • OAIC launches investigation into Optus over White Pages data leak
  • Uber found to have breached privacy of 1.2 million Aussies in 2016
  • OAIC asks govt to require de-identification in data sharing laws
  • NSW govt's mandatory data breach reporting scheme unlikely before 2022
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Telstra 'gamifies' cloud cost reduction efforts among internal teams

Telstra 'gamifies' cloud cost reduction efforts among internal teams
Coles keeps a close watch on its Azure cloud costs

Coles keeps a close watch on its Azure cloud costs
Defence hands IBM $42m for SAP case management system

Defence hands IBM $42m for SAP case management system
Reserve Bank CIO lands at Salesforce

Reserve Bank CIO lands at Salesforce

Digital Nation

Expect dramatic value chain disruptions every four years: McKinsey Global Institute
Expect dramatic value chain disruptions every four years: McKinsey Global Institute
HR platform consolidation unlocks the value of data at Aurecon
HR platform consolidation unlocks the value of data at Aurecon
COVER STORY: Data centre sustainability scrutiny puts emissions in the spotlight
COVER STORY: Data centre sustainability scrutiny puts emissions in the spotlight
Next generation of Digital Giants growing faster than the originals: Ray Wang
Next generation of Digital Giants growing faster than the originals: Ray Wang
Digital leaders master collaboration, reskilling and culture: Didier Bonnet
Digital leaders master collaboration, reskilling and culture: Didier Bonnet
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.