A list of legislation proposed for introduction in the 2016 Spring sittings has been released and shows the Privacy Amendment (Notifiable Data Breaches) Bill is set to be introduced. If passed, the instrument would amend the Privacy Act 1988 to introduce a mandatory data breach notification scheme.
The Attorney General's Department conducted a consultation in relation to the proposed laws earlier this year which saw the exposure draft criticized, principally in relation to the lack of clarity around what was a 'real risk of serious harm'. Submissions argued that the lack of clarity may lead to an overly cautious approach, resulting in consumers experiencing notification fatigue. Noticeably, the word 'serious' has now disappeared from the title of the bill. We expect some of the issues in the earlier draft will arise as discussed here.
In the meantime, there continues to be a voluntary notification scheme. In our experience under the voluntary scheme, a business' motivation to notify is usually driven by a wish to avoid further harm by allowing affected individuals to take steps to mitigate any potential loss and a wish to be transparent with affected individuals and regulators.
We will provide a further update and overview of the ramifications for your business, when the bill is tabled and passes through Parliament.
This publication does not deal with every important topic or change in law and is not intended to be relied upon as a substitute for legal or other advice that may be relevant to the reader's specific circumstances. If you have found this publication of interest and would like to know more or wish to obtain legal advice relevant to your circumstances please contact one of the named individuals listed.
We operate a free-to-view policy, asking only that you register in order to read all of our content. Please login or register to view the rest of this article.