The draft Privacy Amendment (Notification of Serious Data Breaches) Bill proposes to make amendments to the Privacy Act 1988 (Privacy Act) to introduce mandatory data breach notification provisions for regulated agencies, organisations and other entities (entities).
Liberty supports these proposed amendments and welcomes the introduction of a mandatory data notification scheme, particularly following the introduction of the mandatory data retention laws last year. The existing voluntary data breach notification arrangements are not sufficient to protect personal information in this digital age.
The introduction of mandatory data breach notifications is long overdue. The inclusion of the proposed amendments into the Privacy Act support Australian Privacy Principles and are especially important with respect to the open and transparent management of personal information.
The absence of mandatory notification provisions in the Privacy Act undermines public confidence and is inconsistent with the open and transparent management of personal information.