Australia's Data Breach Notification Bill: Transparency Deficits
(2016) 139 Privacy Laws & Business International Report, 18-19
4 Pages. Posted: 16 Apr 2016. Last revised: 7 Sep 2016.
Date Written: January 30, 2016
Abstract
Australia’s conservative coalition agreed to introduce a mandatory data breach notification (MDBN) scheme, as part of the political trade-off to obtain parliamentary passage of its data retention law in 2015, and as recommended by a Parliamentary Joint. MDBN legislation had previously been recommended by the Australian Law Reform Commission’s (ALRC) report, and had been the subject of a Bill by the previous Labor government in 2013 which did not obtain passage during its term. This article discusses the government’s exposure draft of the Privacy Amendment (Notification of Serious Data Breaches) Bill (December 2015). The Bill proposes amendments to the Privacy Act 1988.
Matters discussed include significant limitations on the Bill’s scope; the meaning of a ‘real risk of serious harm’; how remedies under the Privacy Act may be available in the event of breaches, and in extreme cases also civil penalty provisions for ‘serious’ or ‘repeated’ breaches; and deficiencies in the transparency of how breaches.
Keywords: privacy, data protection, data breach notification