Connecting decision makers to a dynamic network of information, people and ideas, Bloomberg quickly and accurately delivers business and financial information, news and insight around the world.
+1 212 318 2000
Europe, Middle East, & Africa
+44 20 7330 7500
+65 6212 1000
March 21 — Companies operating in Australia would be required to notify the data protection authority and affected individuals of data breaches underlegislation introduced March 20 in the Senate.
The bill would require companies, organizations and government agencies to notify the Office of the Australian Information Commissioner (OAIC) and affected individuals of personal data breaches.
The measure would amend the framework Privacy Act 1988, which just underwent other major revisions that took effect March 12.
The bill includes a risk of harm trigger to limit mandatory notice to breaches that pose a “real risk of serious harm to the individual.”
The bill would also authorize the OAIC to issue regulations that would require notice for breaches of particularly sensitive data, such as health information, regardless of a showing of specific serious harm.
In addition, the OAIC would be authorized to exempt a covered entity from the notice requirement on a case-by-case basis if it were “in the public interest.”
Violations of the new provisions would be enforceable under the same framework as the rest of the Privacy Act 1988, which favors attempts to resolve issues short of monetary penalties.
The proposed law would implement a call for a mandatory breach notification law proposed by the Australian Law Reform Commission (ALRC), according to a March 20 explanatory memorandum accompanying the bill.
The ALRC recommended mandatory breach notice in a 2007 draft of its recommendations for reform of the privacy regime in Australia. In August 2008, the commission formally recommended that breach notice be made mandatory.
The Office of the Privacy Commissioner drafted data breach voluntary guidelines in 2008. The guidelines were finalized in 2012.
In June 2013, the previous attempt to move from the voluntary guidelines to a mandatory breach notice law stalled in Parliament.
Full text of the Privacy Amendment (Privacy Alerts) Bill 2014 is available at http://op.bna.com/pl.nsf/r?Open=kjon-9hephw.
Full text of the explanatory memorandum on the bill is available at http://op.bna.com/pl.nsf/r?Open=kjon-9hepka.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).