South Australian Democrats Senator, Natasha Stott Despoja, today introduced a private Bill to parliament seeking the introduction of laws which force businesses to notify consumers of a data security breach involving their personal information.
Labelling existing privacy laws as deficient, Senator Stott Despoja introduced the Bill seeking immediate amendments to the Privacy Act.
Even if the Bill is rejected and doesn't gain the numbers on both sides of politics necessary to support the amendments, the introduction of data disclosure laws in Australia may still go ahead as early as 2008.
Data disclosure laws have attracted wide-ranging support since the Australian Law Reform Commission (ALRC) began a review of the Privacy Act early this year.
The ALRC is releasing a discussion paper next month recommending the introduction of security breach disclosure laws in Australia, with the final report to be delivered to the federal Attorney General, Philip Ruddock, in March, 2008.
The recommendation also has the support of the Federal Privacy Commissioner, Karen Curtis, who believes Australia should be following the lead of the United States.
"I think it's good business to notify customers [of a breach] although I don't think notification is appropriate in all circumstances, it really depends on the level of damage created," she told Computerworld.
Only this week Gartner's vice president of research, Rich Mogull, said legislative protection in Australia is critical.
Mogull said the introduction of disclosure laws in the US has been the biggest single driver in improving the IT security landscape.
He said 40 states in the US now have data breach disclosure laws.
Introducing the private senator's Bill to parliament, Senator Stott Despoja said research shows that more than two-thirds of Australian organizations experience six losses of sensitive data each year.
She said a report from the IT Policy Compliance Group found these breaches reportedly include customer, financial, corporate employee and IT security data which is stolen, leaked or inappropriately destroyed.
"These reports of data security breaches and losses of personal information have coincided with an increase in identity theft, which has implications for affected persons' finances, harassment by debt collectors, credit denials and law enforcement scrutiny for crimes committed by another individual," Senator Stott Despoja said.
"At the same time, there has been an increase in the number of proposals to rationalise, centralise and streamline many government services and databases, the purchase of Australian companies by offshore private equity funds and a series of business mergers and acquisitions which will make it easier for large-scale data breaches.
"There is a need for this legislation to protect Australians and their personal information.
"The incidence and severity of identity theft can be ameliorated through greater awareness and pre-warning when personal information is obtained by, or disclosed to, an unauthorised party," she said.