The Australian Government is close to passing its first data breach notification bill. Cybercrime in Australia is on the rise, with 63% of Australian organizations experiencing a cybersecurity incident or breach in the past year. This has led to increasing pressure on the Australian federal government to pass mandatory data breach notification legislation.
An exposure draft of the Privacy Amendment (Notification of Serious Data Breaches) Bill 2015 was published and open for public comment in early 2016. Although the legislation was rolled over into the spring session of parliament, it is expected that public pressure will force the legislation through. There has also been considerable criticism about the Bill from Australian businesses.
Regulatory Requirements for Serious Breaches
The new legislation, if passed, will require organizations to notify the Privacy Commissioner and affected individuals (and potentially the media) following a serious breach. As outlined in the bill, a serious breach occurs when there is unauthorized access to, or the disclosure or loss of, customer information, including personal details, credit information or tax information. It is likely that there will be a 30-day grace period to determine whether a breach is “serious,” although such delays may prove costly.
Australian organizations need not wait for a final ruling to begin taking steps to prepare for more stringent data protection and breach notification requirements. We’ve offered this same advice when talking about the constantly-shifting regulatory environment in the US and the upcoming global ramifications of the EU General Data Protection Regulation (GDPR). The earlier you start your preparations, the better.
The proposed regulations will apply only to larger organizations, with turnover over $3 million per year. However, organizations of any size that fail to disclose a data breach face media scrutiny and severe brand value repercussions. Moreover, organizations that fail to comply with the new legislation could face fines of up to $1.7 million.
Complying with Australian Privacy Law
To learn more about the specific compliance requirements Australian organizations face, download our whitepaper. Proactive organizations should also research technologies that can extend visibility and control beyond the network. Earlier studies have shown that many data breaches in Australia, as elsewhere, are tied back to mobile devices, the cloud and the Insider Threat. With Absolute Data & Device Security (DDS), organizations can regain control over the endpoint and the data it contains, even if held in cloud storage applications. With insight from Absolute DDS reporting and alerts, you can mitigate data breaches and prove compliance if needed. Learn more at Absolute.com