Digital Rights Watch welcomes the Government’s move to introduce a mandatory data breach notification scheme.
The Privacy Amendment (Notifiable Data Breaches) Bill 2016 will create a new obligation for organisations that store private information to notify individuals when their security systems have been breached.
Digital Rights Watch Chair, Tim Singleton Norton, supported the introduction of the Bill, saying: “Real data breach obligations are long overdue. The public deserve to be told when the companies or government agencies that hold their data lose control over it.”
“There remain, however, serious concerns that the Bill does not go far enough and is too slow in progressing into law,” he said.
Privacy expert Dr Monique Mann from Queensland University of Technology (QUT) School of Justice supported these concerns, stating: “the requirement to notify individuals about leaked data is significantly watered down with exemptions for law enforcement and broad secrecy provisions.”
Dr Mann warns that “it is unclear that the scheme will be effective, particularly in relation to information held by Government agencies. There are real questions about whether or not people will actually be notified of data breaches, and if so, when.”
Digital Rights Watch believes that the sheer volume of data that is available to Government agencies makes it extremely important that these obligations apply strictly to the Government.
“The Government is creating larger and larger stores of private information that, when they are attacked, will have devastating consequences”, Mr Singleton Norton said. “The new Data Retention scheme requires unprecedented storage of telecommunications data, a new national biometric capability enables Australians to be tracked wherever they go, and weak privacy laws allow data sharing and aggregation between many different government departments.”
“Government systems that collect and aggregate data are massive targets for malicious attackers. It is critically important that individuals are told when their private information may have been leaked or compromised,” said Mr Singleton Norton. “We hope to see amendments to tighten these exceptions when the Bill is debated.”