Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

BLOG: Data breach law essential to protect individuals

Teresa Corbin (via SMH) | Aug. 12, 2013
The backlash by industry groups against long-overdue data breach reporting laws would be worrying if it wasn't so predictable, says consumer advocate Teresa Corbin.

Teresa Corbin, chief executive of ACANN, wants to see the bill passed to protect people's personal information.
Teresa Corbin, chief executive of ACANN, wants to see the bill passed to protect people's personal information.

The backlash by industry groups against long-overdue data breach reporting laws would be worrying if it wasn't so predictable, says consumer advocate Teresa Corbin.

If we are to believe industry lobby groups like the Association for Data-driven Marketing and Advertising (ADMA - formerly known as the Australian Direct Marketing Association), the government's proposed laws to make organisations notify consumers of breaches of their personal privacy would be a jobs killer and an unnecessary burden on business.

This is an argument aimed at further delaying a bill already five years in the making that would do no more than see businesses held accountable for being careless with their customers' personal information.

Similar arguments were raised in submissions to the Senate inquiry by representatives of the banking, telecommunications, insurance, finance and credit reporting industries. What all of these industries have in common is that they collect and use huge and ever-increasing amounts of personal information. They also have a vested interest in not being seen to have security problems, and their security practices and records are largely unknown to the public.

The proposed law would simply require organisations to notify their customers if someone gains unauthorised access to personal information, or if the organisation loses or discloses such information (say, by leaving a USB stick with the information on a train).

There are already laws against gaining unauthorised access to information, and organisations are required to protect personal information under the Privacy Act, but this law would for the first time ensure that organisations are required to tell their customers when something goes wrong.

The point of this law is to protect individuals because business has shown through numerous high-profile breaches that it won't take the necessary care with personal data unless compelled.

The notifications would be a clear benefit to all Australians - both by providing consumers with information about organisations with poor data breach histories and by providing an incentive for organisations to improve their data handling practices.

By helping to build consumer trust, the notifications would bring benefits to both business and the community.

Arguments by industry groups that the law is being rushed through with no evidence of widespread breaches are misleading at best. The ADMA even recommended in its submission to the recent Senate inquiry that the proposal be sent to the Australian Law Reform Commission for consideration. But this requirement had already been considered and recommended by the Commission back in 2008.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.