[LINK] security breach disclosure laws

stephen at melbpc.org.au stephen at melbpc.org.au
Thu Aug 16 16:08:41 AEST 2007


Democrats introduce data security breach bill to parliament

Call for action ahead of ALRC discussion paper next month
Sandra Rossi 16/08/2007 11:24:52 
<http://www.computerworld.com.au/index.php/id;1553634123;fp;4194304;fpid;1>
 
South Australian Democrats Senator, Natasha Stott Despoja, today 
introduced a private Bill to parliament seeking the introduction of laws 
which force businesses to notify consumers of a data security breach 
involving their personal information. 

Labelling existing privacy laws as deficient, Senator Stott Despoja 
introduced the Bill seeking immediate amendments to the Privacy Act. 

Even if the Bill is rejected and doesn't gain the numbers on both sides of 
politics necessary to support the amendments, the introduction of data 
disclosure laws in Australia may still go ahead as early as 2008. 

Data disclosure laws have attracted wide-ranging support since a review of 
the Privacy Act began early this year by the Australian Law Reform 
Commission (ALRC). 

The ALRC is releasing a discussion paper next month recommending the 
introduction of security breach disclosure laws in Australia with the 
final report to be delivered to the federal Attorney General, Philip 
Ruddock in March, 2008. 

The recommendation also has the support of the Federal Privacy 
Commissioner, Karen Curtis, who believes Australia should be following the 
lead of the United States. 

"I think it's good business to notify customers [of a breach] although I 
don't think notification is appropriate in all circumstances, it really 
depends on the level of damage created," she told Computerworld. 

Only this week Gartner's vice president of research, Rich Mogull, said 
legislative protection in Australia is critical. 

Mogull said the introduction of disclosure laws in the US has been the 
biggest single driver in improving the IT security landscape. 

He said 40 states in the US now have data breach disclosure laws. 

Introducing the private senator's Bill to parliament, Senator Stott 
Despoja said research shows that more than two-thirds of Australian 
organizations experience six losses of sensitive data each year. 

She said a report from the IT Policy Compliance Group found these breaches 
reportedly include customer, financial, corporate employee and IT security 
data which is stolen, leaked or inappropriately destroyed. 

"These reports of data security breaches and losses of personal 
information have coincided with an increase in identity theft, which has 
implications for affected persons' finances, harassment by debt 
collectors, credit denials and law enforcement scrutiny for crimes 
committed by another individual," Senator Stott Despoja said. 

"At the same time, there has been an increase in the number of proposals 
to rationalise, centralise and streamline many government services and 
databases, the purchase of Australian companies by offshore private equity 
funds and a series of business mergers and acquisitions which will make it 
easier for large-scale data breaches. 

"There is a need for this legislation to protect Australians and their 
personal information. 

"The incidence and severity of identity theft can be ameliorated through 
greater awareness and pre-warning when personal information is obtained by 
or disclosed to, an unauthorised party," she said. 

"Many overseas governments have already responded to community concern 
about data security breaches by implementing legislative requirements for 
organisations and agencies to notify affected persons of data security 
breaches. 

"Such requirements are common in the United States and the European 
Commission is expected to pass the European Directive on Data Protection 
later in 2007 to impose similar obligations. 

"In order to give individuals more control over their personal information 
and to satisfy public expectations, Parliament must legislate to require 
Commonwealth agencies and organisations to tell individuals when their 
personal information has been compromised," she said. 

"Measures can be implemented to lessen the impact of identity theft, but 
only if persons are aware of the loss of their information. Such 
notification requirements could also facilitate greater awareness of data 
security breach issues and improve security practices, as has occurred in 
other countries. 

"I hope my colleagues will support this straightforward amendment to the 
Privacy Act," Senator Stott Despoja said. 



