A new discussion paper regarding mandatory privacy breach notification has received the support of Australian privacy commissioner Timothy Pilgrim.
The paper, released earlier this month by the Attorney-General's Department, calls for community input on whether organisations should be required to notify the public when a security incident results in the loss of personal information.
The best defence against data theft remains prevention: regular security audits and penetration testing to confirm that personal information is adequately protected and that vulnerability management is up to scratch.
However, in a statement released October 17, Mr Pilgrim argued that when security breaches do occur, notifying affected parties is worthwhile, because it could help people regain control of stolen or lost information by changing compromised passwords and financial details.
Currently, organisations affected by a security incident are only encouraged to follow the voluntary data breach notification guide produced by the Office of the Australian Information Commissioner (OAIC).
But Mr Pilgrim believes that the public is being made aware of only a very small percentage of data breaches, and that Australian customers are often unaware that their personal data has been compromised.
Consultation on the paper is open until November 23, and the public is encouraged to give feedback on a range of topics.
Issues up for debate include whether the government should mandate privacy breach notification, how much information should be reported, and what the penalty for failing to notify should be.