Preparing for mandatory data breach notification
- 26 June, 2013 10:28
With the Privacy Amendment (Privacy Alerts) Bill 2013 likely to become law following a standing committee report, now is a good time to start looking at security systems, says K&L Gates partner Cameron Abbott.
If passed, the bill will require government agencies and businesses to notify customers of serious data breaches in relation to personal, credit reporting, credit eligibility or tax file number information.
A Senate Standing Committee on Legal and Constitutional Affairs urged the Senate to pass the bill, stating that mandatory data breach notifications would benefit both Australian consumers and industry stakeholders.
Abbott told Computerworld Australia that the bill will force companies to prioritise security systems.
“Executives should be engaging with the IT department about their systems so the people that understand this bill and what’s at stake can communicate that to the people who are making cost benefit decisions on the degree of security,” he said.
“One of the practical ways to breach the divide between those who understand the legal risks and the people making the budget decisions is to create a privacy impact statement for these projects.”
According to Abbott, the bill will also affect cloud service providers as they will need to make some “serious commitments” about the security of the data they have been entrusted with.
“To date, there has been a tendency to accept the cloud providers’ terms and conditions which don’t promise much,” he said.
“Companies should also be looking at the serious ramifications of not getting their security right. If you have a data breach you are going to have to tell all of your customers that you’ve stuffed up and you can’t be trusted.”
Abbott said that this will crystallise brand value far faster than any other consequence that comes out of the legislation.
He added that mandatory reporting of serious data breaches will act as a far greater motivator for companies than fines.
“Sony was fined 250,000 pounds in the UK by the privacy officer following the PlayStation Network breach but it is rumoured to have spent over $150 million to rectify its security issues after the event,” Abbott said.
This article and the comments within it should not be construed as legal advice.
Follow Hamish Barwick on Twitter: @HamishBarwick