Published on the 10/12/2015 | Written by Beverley Head
Australia has once more pushed out the deadline for its data breach legislation, although it has released an exposure draft available for public comment until March…
The Australian Law Reform Commission recommended introducing data breach notification back in 2008, but successive Governments have dragged their heels on the issue. Currently, the only data breaches that must be disclosed are those involving health-related data.
The Government, however, committed to introducing legislation requiring mandatory breach notification when it introduced the metadata retention scheme in October. All telecommunications required to store metadata will be covered by the data breach notification legislation.
According to the Federal Attorney General’s department, the Bill now being considered would require any organisation subject to the Privacy Act to notify the national privacy regulator and affected individuals following a serious data breach within 30 days. The definition of a “serious data breach” will be included in the legislation.
“The Bill is intended to improve the privacy of Australians without placing an unreasonable regulatory burden on business,” it states.
High-profile hacks of corporate and Government entities have also put the issue back in the spotlight, and the news of mandatory notification was immediately welcomed by acting Australian Information Commissioner Timothy Pilgrim, who noted that: “Data breach notification can be an important mitigation strategy in the event of a serious data breach. Notification enables people affected by a breach to take steps to protect their personal information, such as cancelling credit cards or updating log-ins with service providers.
“A mandatory notification scheme will provide confidence to all Australians that, in the event of a serious data breach, they will be given the opportunity to manage their personal information accordingly.”
Samantha Madrid, head of network security product marketing for Palo Alto Networks, who is currently in Australia, said that discussions about computer and information security were now a “transforming topic” for most enterprises, especially as they embraced complex networks of cloud computing, on-premise and Internet of Things deployments.
She said that high-profile data breaches, such as that endured last year by Sony, signified that “legacy approaches (to protection) aren’t working.”
She said that anything which provided greater visibility about security challenges – which will be the case once data breach notification is mandated – was useful as it prompted organisations to consider and review their security practices.