[LINK] security breach disclosure laws
stephen at melbpc.org.au
Thu Aug 16 16:08:41 AEST 2007
Democrats introduce data security breach bill to parliament
Call for action ahead of ALRC discussion paper next month
Sandra Rossi 16/08/2007 11:24:52
<http://www.computerworld.com.au/index.php/id;1553634123;fp;4194304;fpid;1>
South Australian Democrats Senator, Natasha Stott Despoja, today
introduced a private Bill to parliament seeking the introduction of laws
which force businesses to notify consumers of a data security breach
involving their personal information.
Labelling existing privacy laws as deficient, Senator Stott Despoja
introduced the Bill seeking immediate amendments to the Privacy Act.
Even if the Bill is rejected and doesn't gain the numbers on both sides of
politics necessary to support the amendments, the introduction of data
disclosure laws in Australia may still go ahead as early as 2008.
Data disclosure laws have attracted wide-ranging support since a review of
the Privacy Act began early this year by the Australian Law Reform
Commission (ALRC).
The ALRC is releasing a discussion paper next month recommending the
introduction of security breach disclosure laws in Australia with the
final report to be delivered to the federal Attorney General, Philip
Ruddock in March, 2008.
The recommendation also has the support of the Federal Privacy
Commissioner, Karen Curtis, who believes Australia should be following the
lead of the United States.
"I think it's good business to notify customers [of a breach] although I
don't think notification is appropriate in all circumstances, it really
depends on the level of damage created," she told Computerworld.
Only this week Gartner's vice president of research, Rich Mogull, said
legislative protection in Australia is critical.
Mogull said the introduction of disclosure laws in the US has been the
biggest single driver in improving the IT security landscape.
He said 40 states in the US now have data breach disclosure laws.
Introducing the private senator's Bill to parliament, Senator Stott
Despoja, said research shows that more than two-thirds of Australian
organizations experience six losses of sensitive data each year.
She said a report from the IT Policy Compliance Group found these breaches
reportedly include customer, financial, corporate employee and IT security
data which is stolen, leaked or inappropriately destroyed.
"These reports of data security breaches and losses of personal
information have coincided with an increase in identity theft, which has
implications for affected persons' finances, harassment by debt
collectors, credit denials and law enforcement scrutiny for crimes
committed by another individual," Senator Stott Despoja said.
"At the same time, there has been an increase in the number of proposals
to rationalise, centralise and streamline many government services and
databases, the purchase of Australian companies by offshore private equity
funds and a series of business mergers and acquisitions which will make it
easier for large-scale data breaches.
"There is a need for this legislation to protect Australians and their
personal information.
"The incidence and severity of identity theft can be ameliorated through
greater awareness and pre-warning when personal information is obtained by
or disclosed to, an unauthorised party," she said.
"Many overseas governments have already responded to community concern
about data security breaches by implementing legislative requirements for
organisations and agencies to notify affected persons of data security
breaches.
"Such requirements are common in the United States and the European
Commission is expected to pass the European Directive on Data Protection
later in 2007 to impose similar obligations.
"In order to give individuals more control over their personal information
and to satisfy public expectations, Parliament must legislate to require
Commonwealth agencies and organisations to tell individuals when their
personal information has been compromised," she said.
"Measures can be implemented to lessen the impact of identity theft, but
only if persons are aware of the loss of their information. Such
notification requirements could also facilitate greater awareness of data
security breach issues and improve security practices, as has occurred in
other countries.
"I hope my colleagues will support this straightforward amendment to the
Privacy Act," Senator Stott Despoja said.