Proposed Serious Data Breach Notification Bill Moves Forward
Feb 25 2016
The proposal to change the Privacy Act to include a mandatory data breach notification scheme was made as a result of an enquiry early last year by the Parliamentary Joint Committee on Intelligence and Security. At present, Australian Privacy Principle 11 requires reasonable steps to be taken to secure personal information held by government agencies and businesses, but does not require notification when there is a breach of that information. There is a voluntary data breach notification scheme currently administered by the Office of the Australian Information Commissioner (OAIC), which is based upon an Australian Law Reform Commission report in 2008.
The number of data breaches notified voluntarily has shown an increase from 61 in 2012/13, to 67 in 2013/14 and finally 110 in 2014/15. It shows that there is a problem if these sorts of numbers are being obtained from a voluntary system. NCPA is aware that a number of the Association’s members have already used the voluntary disclosure system.
The full CEO note on this issue is available to Members only.