In a world that is becoming increasingly dependent on technology to operate and function, organisations and governments are gaining more and more access to our personal information. Early in October, the Privacy Amendment (Notifiable Data Breaches) Bill 2016 (Cth) (Bill) was introduced into the Senate which seeks to make adjustments to current privacy legislation.
In its latest report, the Australian Law Reform Commission has stated that due to the high amount of personal data online, there is a heightened risk of identity fraud or theft if a security breach was to occur. As a result, the Federal Government has outlined plans in their recent Privacy Bill to enforce mandatory notifications of data breaches to all affected individuals. Allowing users the opportunity to take all reasonable steps to lessen any adverse results from a breach, such as changing their password.
There are key changes to current privacy legislation that the Bill is aiming to amend, including:
- Reducing the threshold for the notification requirement, to cover situations where there is only a ‘likely risk of harm’;
- Changing the terminology of data breaches from ‘serious data breaches’ to ‘eligible data breaches’; and
- Ensuring that the notifications are communicated directly to the affected individual rather than simply a website notification.
In summary, the main purpose of this Bill is to make sure that organisations and Federal Government Departments are notifying affected individuals if a data breach occurs, and to hold accountable those who do not notify. Failure to notify users about a breach is considered an interference with the individual’s privacy.
Ramifications of the Bill
It is likely that the Bill will pass through Parliament in the next coming weeks. Despite this however, the Bill will only come into effect 12 months from assent. This is to allow the relevant bodies that fall under the privacy legislation to have preparatory procedure in place to deal with a potential data breach, including implementing how they will notify affected individuals.
Let us know your thoughts on the latest privacy data scare by tagging us #lawpath or @lawpath.