Mandatory Serious Data Breach Notification

April 12, 2016

What is proposed? What will it mean?

The Australian Government has been consulting on what the proposed Bill to amend the Privacy Act 1988 and introduce mandatory notification of serious data breaches should look like.

The Bill would require regulated Commonwealth government agencies and businesses, unless exempted, to notify the national privacy regulator and affected individuals following a serious data breach involving personal information, credit reporting, credit eligibility and tax file numbers.

The Proposed Bill in its current form does not clearly state a number of things that need clarification if it is to meet the objectives it sets. These include:

– A threshold on notification based on ‘the real risk of serious harm’: how do you assess the seriousness of harm when the individuals impacted have varying tolerances for harm and there is no uniformity in how the leaked data may be used? For example, if an impacted individual has recycled their password elsewhere, the risk of serious harm increases exponentially.

– Which entities are affected is somewhat governed by their size and turnover. This isn’t in the best interest of citizens, as many small enterprises collect sensitive information which may cause damage. It is our opinion that an entity should notify regardless of its size, to protect its customers’ interests.

– The Proposed Bill affects entities governed by the Australian Privacy Principles which ‘hold’ personal information, yet information may be both held and controlled by another outsourced entity, or processed by another entity. Some clarity around responsibilities is required.

We look forward to further information and updates about Data Breach notification in order to update our clientele.
