The Attorney-General has published a discussion paper on the topic

Oct 17, 2012 11:48 GMT

Who should be notified in case of a data breach? Customers, authorities or both? That’s one of the questions Australian authorities are hoping to answer before issuing new data breach notification laws.

Current legislation only encourages companies to disclose data breaches to the Commonwealth Privacy Commissioner. However, the new law might force them to do so.

Attorney-General Nicola Roxon has published a discussion paper entitled Australian Privacy Breach Notification, seeking comment on the topic.

The discussion paper not only outlines the advantages and disadvantages of the current legislation, but also compares it with the legislation of other countries such as the UK, Ireland, Canada, New Zealand and European Union member states.

Authorities want to learn from the public whether a mandatory notification law should be introduced, what kind of incidents should trigger notification requirements, and who should decide whether notification is necessary.

Other questions the Attorney-General hopes to answer are “What should be reported and how quickly?”, “How should a notification requirement be enforced?” and “Who should be subject to a mandatory data breach notification law?”