Attorney General announces mandatory data breach notification laws

From the office of the Australian Attorney General: The Commonwealth Attorney General has announced new laws to be introduced into Parliament requiring businesses and organisations to inform individuals when a data breach involving their personal information has occurred.

Attorney General Mark Dreyfus QC made the following remarks:

“With businesses and government agencies holding more information about Australians than ever before, it is essential that privacy is safeguarded … The new laws will alert consumers to breaches of their privacy, so that they can change passwords, improve security settings and make other changes as they see fit … The laws are good for consumers because they protect privacy, and are good for business because they will help create openness and trust.”

Mandatory data breach notification laws are already common in many other nations, particularly in the EU, as outlined in Nicholls Legal’s Whitepaper ‘Data Security in the Cloud’.

The laws will also require the Office of the Australian Information Commissioner (OAIC) to be informed of any data breach that occurs. The OAIC has welcomed the new laws, with Australian Privacy Commissioner Timothy Pilgrim issuing the following remarks:

“I have supported the introduction of mandatory data breach notification laws in Australia since they were first proposed by the Australian Law Reform Commission in 2008. Currently there is no legal requirement in Australia for government agencies or private sector organisations to notify individuals when a data breach occurs, except in limited circumstances under eHealth laws … Without notification, people affected by serious data breaches are unable to take mitigating steps to protect their personal information – steps which only they may be able to take, such as cancelling credit cards or requesting a new Medicare number … The last couple of years have seen a number of high-profile data breaches and subsequent own motion investigations initiated by me, and research suggests that the frequency of data breaches in Australia has continued to grow over the past three years.”

You can read more about the new laws here.

Contact Matthew Nicholls (ph: +61 3 8376 7131) to discuss your requirements.