Attorney-General Mark Dreyfus. Photo: Andrew Meares
Businesses and government agencies will be forced to disclose privacy breaches under draft laws to be introduced to Federal Parliament on Wednesday.
Attorney-General Mark Dreyfus said there have been some "spectacular" recent examples of data breaches where names and personal information have been disclosed publicly - via Sony PlayStation, Australia Post, Vodafone and Telstra.
He said the draft laws to be introduced on Wednesday could pass through Parliament before the September election.
Mr Dreyfus said for most companies that already had "good data hygiene", the changes won't present too much of a challenge.
Teresa Corbin, chief executive of the Australian Communications Consumer Action Network (ACCAN), welcomed the proposed legislation.
"Consumers have a right to know when their personal information has been compromised and should not have to rely on media coverage to find out about security breaches," she said.
"The new laws will create a blanket standard and provide incentives for all organisations to take better care of their data."
Mr Dreyfus defended the timing of the announcement, saying the Australian Law Reform Commission recommended the measures in 2008 and a discussion paper was put out last year. If passed, the changes are likely to come into effect in March 2014.
Under the plan, affected customers and the Office of the Australian Information Commissioner will have to be notified of data breaches.
The notification requirements only apply to data breaches where there is risk of serious harm.
The commissioner will be able to seek civil penalties if there is serious or repeated non-compliance with the notification requirements.