Mandatory data breach notification laws are back on the agenda despite a change of government and the recent introduction of the biggest changes to privacy law in 25 years.
Just a year ago, data breach notification laws, which require businesses to notify customers of data breaches, were all set to be waved through on the last day of parliament under the prime minister at the time, Julia Gillard.
Of course, two-time former prime minister, Kevin Rudd, challenged and the rest is history.
Now it is back. The Privacy Amendment (Privacy Alerts) Bill 2014 was introduced into the senate on March 20 for its second reading.
The 2014 Bill would amend the Privacy Act 1988, which does not currently require any notification of a privacy breach detected by an organisation or agency.
The Bill could still change. But if it is passed in its current form the proposed laws will require an organisation or agency to notify privacy breaches to the Office of the Australian Information Commissioner (OAIC) if there is a “real risk of serious harm” to the affected individuals.
The commissioner could also have the power to force offenders to publish public notices or to notify the affected individuals.
Workshare vice-president, Laureen Smith, has welcomed the Government’s latest bid the pass the legislation.
“We are delighted to hear that Australia’s mandatory data breach notification legislation is back on the government’s agenda after it had a first reading in the Senate on March 20.
“Unfortunately, the Bill lapsed in 2013 after a second reading in parliament and was delayed prior to the Federal Election when the Coalition Government was elected into office.
“If approved by the Government, the Bill will require government agencies and businesses to notify customers of serious data breaches in relation to personal, credit reporting, credit eligibility or tax file numbers.
She said this would now give the Australian Privacy Commission the power to investigate data breaches.
“The 2014 version of the Bill includes the Australian Privacy Principles (APPs), which as we all know became law on 12th March,” she said.
“We felt this legislation did not go far enough and now that mandatory notification to customers of a breach is back on the table, it is a good thing for Australian consumers and citizens.”