The Federal Government is planning to amend the Privacy Act to introduce a mandatory data breach notification scheme. The scheme would mean that all government agencies, and entities with an annual turnover of more than $3m, must notify everyone whose personal information was disclosed if they suffer a serious data breach. A data breach would be 'serious' if it results in a 'real risk of serious harm' to an individual or individuals. The scheme would allow people whose personal information has been compromised by a breach to take steps to lessen or avoid potential harms, such as financial loss or identity theft.
ACCAN supports the introduction of a mandatory data breach notification scheme, but recommends revisions to the Bill that would improve consumer protections. Our recommendations include revising the matters that can be taken into account in determining whether there is a real risk of serious harm, revising the amount of time allowed to carry out an assessment of a potentially serious data breach, and setting maximum timeframes for applying for and granting exemptions.
Download: ACCAN Submission Serious Data Breach Notification.docx (801.36 KB)
Download: ACCAN Submission Serious Data Breach Notification.pdf (620.19 KB)