A standing committee has urged the Senate to pass the Privacy Amendments (Privacy Alerts) Bill 2013, stating that mandatory data breach notifications would benefit both Australian consumers and industry stakeholders.
If passed, the bill will require government agencies and businesses to notify customers of serious data breaches in relation to personal, credit reporting, credit eligibility or tax file number information.
The report by the Senate Standing Committee on Legal and Constitutional Affairs agreed that proposed reforms were long overdue and would encourage companies to effect and maintain high-quality data security practices.
“The committee supports enhanced privacy protection for individuals whose personal information has been accessed by, or disclosed to, a third party as the result of a serious data breach,” read the report.
It noted that the Office of the Information Commissioner (OAIC) had provided evidence in its submission that data breaches are under-reported and on the increase within Australia.
For example, under the OAIC’s current voluntary data breach notification scheme it received 46 notifications between July 2011 and June 2012. This was down from 56 notifications in 2010-2011.
While the committee acknowledged that several groups who made submissions had concerns about the lack of definition for the term 'serious harm' and the trigger for mandatory notification, it pointed out that this threshold had been included in voluntary data breach notification guidelines since 2008 when the Australian Law Reform Commission (ALRC) recommended the standard.
“The committee accepts that the threshold is familiar to stakeholders, and agrees that it is preferable for the Commissioner to continue to issue guidance on the meaning of a real risk of serious harm as circumstances require.”
The Australian Communications Consumer Action Network (ACCAN), which made a submission to the committee in support of mandatory notification, said passing the bill would lead to better security of private and financial information.
“Consumers have a right to be informed when companies lose or misuse their data and ACCAN does not believe such notifications would be difficult to provide,” said CEO Teresa Corbin.
However, Coalition senators Gary Humphries and Sue Boyce said in a statement that they were concerned about the lack of “due process” and time for scrutiny afforded to the bill.
“Coalition senators believe the concerns raised by those stakeholders should be better scrutinised, understood and acted upon by the relevant government agencies as this new privacy regime is rolled out.”
The Communications Alliance and Association for Data-driven Marketing and Advertising (ADMA) have also criticised the bill, saying that the legislation will come at a cost to industry and that there has not been enough consultation.
Follow Hamish Barwick on Twitter: @HamishBarwick
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.