Data breach notification scheme an important step towards building trust with public’s right to privacy

Privacy advocates Digital Rights Watch have welcomed the start of a national mandatory data breach notification scheme. The Privacy Amendment (Notifiable Data Breaches) Bill 2016 created a new obligation for organisations that store personal information to notify individuals when their security systems have been breached, and the scheme takes effect today.

Digital Rights Watch Chair, Tim Singleton Norton, supported the launch of the scheme, saying: “Real data breach obligations are long overdue. The public deserve to be told when the companies or government agencies that hold their data lose control over it.”

“It has also been very welcome to see the Government genuinely invest in educating businesses and organisations as to their responsibilities and requirements under this legislation. Without better education about the ramifications of data breaches, we will never see real traction in this area.”

“Data security can only be guaranteed if all elements of protection are addressed. The massive data breach from the Red Cross Blood Service that saw 550,000 blood donors’ personal information leaked was attributed to human error, and the recently unearthed highly classified Cabinet Files were discovered in a second-hand filing cabinet that was accidentally sold. These incidents teach us that it is often not the digital systems that require security measures, but the education, attitude and responsibility of the people charged with managing these data sources that is so integral to changing the way we protect data.”

“This scheme goes some way towards addressing the huge mistrust that the public already have when it comes to the protection of their personal data. We do remain concerned that the sheer volume of data that is available to Government agencies makes them the primary concern when it comes to protecting the individual privacy of Australian citizens,” said Mr Singleton Norton.

“The Government is creating larger and larger stores of information that, when they are attacked or maliciously leaked, will have devastating consequences. The mandatory metadata retention scheme requires unprecedented storage of telecommunications data, a new national biometric capability enables Australians to be tracked wherever they go, and weak privacy laws allow data sharing and aggregation between many different government departments.”

“Government systems that collect and aggregate data are massive targets for malicious attackers. It is critically important that individuals are told when their private information may have been leaked or compromised.”

“We welcome the introduction of this notifying scheme, and look forward to more rigorous application of the much-needed checks, balances, oversight and consequences that it creates,” he concluded.