Legal Know-How

Privacy reform alert - mandatory data breach notification may soon become a reality

27/3/2014

First of all, some definitions.  Personal information is, in essence, information that identifies a person or could reasonably identify a person; data breach means unauthorised access to, or disclosure of, personal information; and serious data breach means a data breach where there is a real risk of serious harm (including reputational, economic and financial harm) to the affected individual.

We will all agree that a data breach, especially if it is serious, can have a severe adverse impact on the individuals whose personal information has been compromised.  For example, the affected individual can be exposed to the risk of fraud and identity theft.  Prompt notifications will allow individuals to take action to protect themselves.

Data breach notification has been in the spotlight for some years now.  Those of us who have been following Australia’s privacy reforms will recall that in its 2008 privacy report, the Australian Law Reform Commission (ALRC) noted that there was an increasing risk that the huge volume of personal information collected by government agencies and large corporations could become subject to data breaches.  Even at that time, the ALRC recommended mandatory data breach reporting.

Late last week, we saw the Privacy Amendment (Privacy Alerts) Bill 2014 being re-introduced into the Federal Parliament (on 20 March 2014).  The Second Reading Speech pointed out that the re-introduction of this Bill is the next key step in the major reform of Australia's privacy laws.  The Bill provides that when a government agency or an organisation has suffered a serious data breach, it must notify the affected individuals and the Office of the Australian Information Commissioner (OAIC).

Currently, there is no requirement for agencies and organisations to notify affected individuals or the OAIC when they have suffered a data breach.  The OAIC has voluntary guidelines encouraging notification, but is concerned that many data breaches remain unreported.  It is intended that the Bill, when it becomes law, will see the long overdue measure recommended by the ALRC go live, close the gap in Australia's privacy laws and position Australia as a global leader in privacy protection.

This post first appeared on CPD Interactive's "Legal Natter's Blog".

We can help you understand the Privacy Act (by way of privacy training, for example) and, importantly, we can provide you with a privacy policy and privacy compliance plan tailored to your needs and in compliance with the law - just contact us for assistance.


© 2014 Karen Lee | Legal Know-How
All rights reserved