
Preparing for mandatory data breach notification

Get security systems in order now, urges legal expert

With the Privacy Amendment (Privacy Alerts) Bill 2013 likely to become law following a standing committee report, now is a good time to start looking at security systems, says K&L Gates partner Cameron Abbott.

If passed, the bill will require government agencies and businesses to notify customers of serious data breaches in relation to personal, credit reporting, credit eligibility or tax file number information.

A Senate Standing Committee on Legal and Constitutional Affairs urged the Senate to pass the bill, stating that mandatory data breach notifications would benefit both Australian consumers and industry stakeholders.

Abbott told Computerworld Australia that the bill will force companies to prioritise security systems.

“Executives should be engaging with the IT department about their systems so the people that understand this bill and what’s at stake can communicate that to the people who are making cost benefit decisions on the degree of security,” he said.

“One of the practical ways to breach the divide between those who understand the legal risks and the people making the budget decisions is to create a privacy impact statement for these projects.”

According to Abbott, the bill will also affect cloud service providers as they will need to make some “serious commitments” about the security of the data they have been entrusted with.

“To date, there has been a tendency to accept the cloud providers’ terms and conditions which don’t promise much,” he said.

“Companies should also be looking at the serious ramifications of not getting their security right. If you have a data breach you are going to have to tell all of your customers that you’ve stuffed up and you can’t be trusted.”

Abbott said that this will crystallise brand value far faster than any other consequence that comes out of the legislation.

He added that mandatory reporting of serious data breaches will act as a far greater motivator for companies than fines.

“Sony was fined 250,000 pounds in the UK by the privacy officer following the PlayStation Network breach but it is rumoured to have spent over $150 million to rectify its security issues after the event,” Abbott said.

This article and the comments within it should not be construed as legal advice.

Follow Hamish Barwick on Twitter: @HamishBarwick

