The Commonwealth Government has published a discussion paper, Australian Privacy Breach Notification, about the possible introduction of mandatory data breach notification laws. A data breach occurs when personal information is improperly accessed, obtained, used, disclosed, copied or modified.
There have been several significant and high-profile data breaches in recent years. The paper considers what notification requirements government agencies and large private-sector organisations should have to meet when they suffer a data breach.
- Should Australia introduce mandatory data breach notification laws?
- What kind of breaches should trigger notification requirements?
- Who should decide whether notification is necessary?
- What should be reported and how quickly?
- How should a notification requirement be enforced?
- Who should be subject to a mandatory data breach notification law?
Submissions are sought by 23 November 2012. Refer to the discussion paper for details on how to make submissions.