[LINK] Australian privacy breach notification

stephen at melbpc.org.au stephen at melbpc.org.au
Wed Nov 7 21:42:53 AEDT 2012

Australian privacy breach notification

Attorney-General's Department, 20th October 2012

The Commonwealth Government has published a discussion paper, 'Australian 
Privacy Breach Notification' about the possible introduction of mandatory 
data breach notification laws. 

A data breach occurs when personal information is improperly accessed, 
obtained, used, disclosed, copied or modified.

There have been several significant and high-profile data breaches in 
recent years. The paper considers what notification requirements 
government agencies and large private-sector organisations should have to 
meet when they suffer a data breach.

Questions include:

* Should Australia introduce mandatory data breach notification laws?

* What kind of breaches should trigger notification requirements?

* Who should decide whether notification is necessary?

* What should be reported and how quickly?

* How should a notification requirement be enforced?

* Who should be subject to a mandatory data breach notification law?

Submissions are sought by 23 November 2012.  http://apo.org.au/node/31691

"Recently, there is anecdotal evidence that breaches of data security are 
increasing in frequency and scope. Some recent US reports have found that 
up to 88 per cent of organisations surveyed have had at least one data 
breach during the course of a year. These reports also indicate that the 
cost of notification and rectification is also increasing, with a cost 
range of $174 to $268 per information record breached in the US, 
depending on how quickly a company responded to the data breach.

In addition, the Office of the Australian Information Commissioner (OAIC) 
was notified of 56 data breaches in the 2010/2011 financial year, 
equivalent to a data breach a week. This is up from 44 in the previous 
year, an increase of 27 per cent. The Privacy Commissioner also opened 59 
investigations in to breaches of which there was no notification to the 



More information about the Link mailing list