The Government has agreed with a Parliamentary Joint Committee on Intelligence and Security (PJCIS) recommendation to introduce a mandatory data breach notification scheme before the end of the year.
Consisting of six Liberal/National MPs and four Labor members, the PJCIS committee said such a scheme would be an effective mitigation strategy for those affected by a data breach. The recommendation is to implement this legislation prior to the forthcoming Metadata Retention laws. Doing so will provide an incentive for Telcos to implement stronger security practices to protect personal information. Of course mandatory breach notification will cross all industries and ultimately help protect Australian’s from identity theft.
Australia’s Privacy Commissioner Timothy Pilgrim responded,
“I welcome the Government’s support for a mandatory data breach notification scheme. Data breach notification can increase consumer trust and mitigate against reputational damage. It is an important step to further protect the personal information of Australians.”<
Mandatory breach notification has been on the agenda for some time now. Unfortunately the current government required more work in terms of wording and definitions. There are many benefits to mandatory data breach notification laws.
In response to Recommendation 38 of the Inquiry, the government “agrees to introduce a mandatory data breach notification scheme by the end of 2015, and will consult on draft legislation.”
In preparation, businesses can review the Office of Australian Information Commissioner (OAIC)’s Data Breach Notification Guide. We also recommend reviewing the OAIC’s Guide to Securing Personal Information. The Guide includes steps and strategies to minimise the risk of a ‘trusted insider’ breach, and to emphasise the necessity of designing and building-in security measures that factor in human error. The 5th step involves ‘destroying or de-identify the personal information when it is no longer needed’.
You can read the full article on the PJCIS push for Mandatory Data Breach Notification at iTnews.com.au and the Government’s Official Response to the Inquiry.
Shred-X is a proud sponsor of IAPPANZ and partner of the Privacy Awareness Week Initiative.
For nearly 15 years Shred-X Document Destruction has been the leader in secure destruction services. We assist organisations in complying with the Privacy Act 1988 and its Amendments providing tailored services to thousands of commercial sites and households across Australia.
Shred-X is very proud to be the ONLY Australian document destruction company with eight (8) NAID AAA certified sites across Australia: