Sick of having your data breached by giant corporations? The Federal Attorney-General is here to help: the AG Mark Dreyfus has today announced that the government would introduce legislation that would force companies — both large and small — to disclose breaches of customer data. Here’s when it takes effect.
The legislation comes into effect from March 12, 2014 and will “require notification of serious data breaches that will result in a real risk of serious harm”. That’s a pretty open-ended statement, so we’re not exactly sure how much or how little a company would be required to disclose if there was in-fact a data breach, nor does it spell out what “serious harm” actually is. We’ll find out more when the legislation hits Parliament soon.
Attorney-General Mark Dreyfus used the presser to beat companies like Sony and Telstra with a stick over their recent data breaches.
This legislation has been proposed by the Australian Law Reform Commission since 2008, and since then we’ve had to endure a number of data breaches from the likes of Telstra, Vodafone, Sony, Blizzard, AAPT and even the ABC. Under current legislation, companies have no legal requirement to disclose that they even happened to customers who may have had their details compromised, leading us all to wonder about the data breaches we haven’t heard about over the last decade.