Proposed Serious Data Breach Notification Bill Moves Forward

Feb 25 2016

CEO Notifies Proposed Serious Data Breach Notification Bill Moves Forward

The proposal to change the Privacy Act to include a mandatory data breach notification scheme was made as a result of an enquiry early last year of the Parliamentary Joint Committee on Intelligence and Security.  At present, Australian Privacy Principle 11 requires reasonable steps to be taken to secure personal information held by government agencies and businesses, but does not require notification when there is a breach of that information.  There is a voluntary data breach notification scheme currently administered by the Office of the Australian Information Commissioner (OAIC) which is based upon an Australian Law Reform Commission report in 2008. 

The number of voluntary data breaches notified as shown an increase from 61 in 2012/13, to 67 in 2013/14 and finally 110 in 2014/15.  It shows that there is a problem if these sorts of numbers are being obtained from a voluntary system. NCPA is aware that a number of the Association’s members have already used the voluntary disclosure system.


The full CEO note on this issue is exclusively for Members only.

Click here to access the Members' log-in

Click here if you wish to join NCPA and receive regular Member updates and guidances on important and up to the minute activity in the SACC and MACC industry.