Data Breach Notification – Is this the last nail in the coffin of trust in online living or open government?
Is online still driven by trust?
What drives the internet and life online: technology or trust? Would you make a transaction or interact online without trusting that your credit card details, personal information (such as family and social information) or sensitive information (health, race, etc.) would not be misused or treated insecurely? If you answered yes, perhaps the internet is now so ingrained in your daily life that it is too difficult to extricate yourself from it?
It’s easier to build trust when you do not have to report breaches of data. Until the introduction on 22 February, 2018 of the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth) (NDB Act), Australia’s mandatory data breach notification laws were limited.
Australian government tops the charts in reporting voluntary data breaches
Despite this, the Office of the Australian Information Commissioner (OAIC) still received 107 breach notifications in 2015-2016, with the Australian Government leading the way. This is surprising; surely government is one sector we would expect to take the utmost steps to store personal information safely and securely.
Or perhaps the Government was simply acting as a good citizen, reporting breaches that others might have swept under the carpet. If so, the Notifiable Data Breaches Act now puts pressure on those others to also do the right thing.
The new Act amends the Privacy Act 1988 (Cth) (Privacy Act) to introduce Part IIIC – the Notifiable Data Breaches Scheme. The Scheme, which applies to agencies and organisations covered by the Privacy Act, requires them to notify an individual likely to be at risk of serious harm due to a data breach.
What about the NSW Public Sector’s Data Breach obligations?
Generally, NSW public sector agencies are not regulated by the Privacy Act. However, given the expectation on such agencies to act as model citizens, they should take note of the Notifiable Data Breaches Scheme.
If you have any questions regarding this article, please contact Michael Cossetto.
Author: Norman Donato
Contributing partner: Michael Cossetto