Business and government agencies will be required to notify people when a data breach affecting their privacy occurs, according to proposed privacy laws that will be introduced in Parliament this week, Attorney-General, Mark Dreyfus, has said.
“With businesses and government agencies holding more information about Australians than ever before, it is essential that privacy is safeguarded,” Dreyfus said in a statement.
The new laws will help alert consumers to breaches of their privacy, so that they can change passwords, improve security settings and make other changes as they see fit, according to a statement.
Data breaches can be the result of hacking, poor security and sometimes carelessness, according to the statement.
“Some data breaches have exposed the personal information of tens of thousands of Australians,” Dreyfus said.
“The laws are good for consumers because they protect privacy, and are good for business because they will help create openness and trust.”
The new laws will also require notification of data breaches to the Office of the Australian Information Commissioner.
“To make sure that the new laws have teeth, the Information Commissioner will be able to direct agencies and business to notify individuals of data breaches,” Dreyfus said.
The laws will apply to all entities covered by the Privacy Act 1988 including many businesses, but they will not impose an unreasonable burden on business, according to the statement. The notification requirements also don't apply to all data breaches, only breaches that give rise to a risk of "serious harm."
The Commissioner will be able to seek civil penalties if there is serious or repeated non-compliance with the notification requirements, according to the statement.