Following on from an advisory report into the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 (Cth) (Data Retention Bill), released on 27 February this year, the Federal Government has now accepted recommendations to develop a mandatory data breach notification scheme.
The message from this is clear: Australian businesses must ensure that the data they hold is securely protected, because breaches may soon require disclosure to the affected individual and to the general public.
It remains to be seen how the legislation will be constructed, but it is likely that it will require organisations who commit a serious data breach to report that breach or be subject to other consequences that may have an adverse effect on the organisation, such as the giving of an apology, paying compensation, or complying with a direction to take or refrain from taking certain action.
Any scheme will likely apply to all agencies and organisations regulated by the Privacy Act 1988 (Cth) (Privacy Act), namely:
- Federal Government agencies; and
- private sector organisations that:
  - have an annual turnover of more than $3 million; or
  - are health service providers (regardless of turnover); or
  - receive payment for collecting or disclosing personal information (regardless of turnover); or
  - provide contractual services to the Commonwealth, including all Federal Government contractors (regardless of turnover).
There is no doubt that change is on the horizon and, as previously stated, Australian businesses need to fortify the security of their data, because breaches that require disclosure to the public could cause drastic reputational damage.
If you would like more information on the Data Retention Bill or the recommendation, please contact;