ACCAN has made a submission to the Senate Standing Committees on Legal and Constitutional Affairs' inquiry into the Privacy Amendment (Privacy Alerts) Bill 2013 that was recently introduced into Parliament. The Bill would introduce a "mandatory data breach notification" requirement on organisations to alert the Privacy Commissioner and affected consumers when their customers' personal information is lost or exposed. This would potentially allow consumers to take action, such as cancelling a credit card, before any of their leaked information causes serious harm.

Such a requirement has been discussed for many years now, and in 2008 the Australian Law Reform Commission recommended the requirement as part of its review of Australia's privacy laws. By requiring organisations to publicly report breaches, it provides an incentive for organisations to handle personal information in an appropriate way, and consumers can be more informed of how organisations are handling their information.

In the telecommunications industry, a number of recent data breaches have occurred and have been investigated by the Privacy Commissioner. A mandatory data breach notification requirement would help to ensure that no significant breaches are going unreported.

Summary:

In its submission, ACCAN voiced its support of the Privacy Amendment (Privacy Alerts) Bill 2013. While we have previously expressed concerns over some details of the Bill, the new requirement would, on the whole, provide a benefit to consumers.

Download: docxACCAN Privacy Amendment (Privacy Alerts) Bill 2013 submission81.76 KB

Download: pdfACCAN Privacy Amendment (Privacy Alerts) Bill 2013 submission101.9 KB

Relevant submissions: ACCAN submission to the Attorney General's Department on mandatory data breach notifications

Recent data breaches:

Office of the Australian Information Commissioner, AAPT Anonymous hack, 6 August 2012 http://www.oaic.gov.au/news/statements/statement_120806_aapt_melb_it.html

Office of the Australian Information Commissioner, Telstra Corporation Limited, June 2012 http://www.oaic.gov.au/publications/reports/own_motion_telstra_bundles_June_2012.html

Office of the Australian Information Commissioner, Sony PlayStation Network/Qriocity, 29 September 2011 http://www.oaic.gov.au/publications/reports/own_motion_sony_sep_2011.html

Office of the Australian Information Commissioner, Telstra Corporation Limited (Telstra), 7 July 2011, http://www.oaic.gov.au/publications/reports/own_motion_telstra_May_2011.html

Sophie Scott, Probe into depression chat leaks, ABC News, 11 December 2009, http://www.abc.net.au/news/2009-12-11/probe-into-depression-chat-leaks/2572248