The Federal Government has stated that it will "introduce a mandatory data breach notification scheme by the end of 2015, and will consult on draft legislation."
The statement was made in the recent Attorney-General's and Minister for Communications' joint media release in response to the Parliamentary Joint Committee on Intelligence and Security's Advisory Report on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 (Data Retention Bill).
At this stage, it is unclear whether the Government intends to restrict the scheme to entities subject to the Data Retention Bill, or adopt a broader mandatory notification scheme by extending it to all entities subject to the Australian Privacy Principles. Both of these options were discussed in the Joint Committee's Advisory Report.
The previous Government introduced the Privacy Amendment (Privacy Alerts) Bill 2013 (Privacy Alerts Bill), which contained a mandatory notification scheme for serious data breaches (see our previous article "Mandatory notification scheme for privacy breaches") however, it lapsed on prorogation of the 43rd Parliament.
The Privacy Alerts Bill was reintroduced as a private Senator's Bill on 20 March 2014, but was subject to initial opposition by the Attorney-General, suggesting that the Government has a different regime that it proposes to implement.
We will continue to keep you informed on developments in this area.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
