In an opinion piece for the National Business Review, InternetNZ Chief Executive Vikram Kumar writes that he hopes the Law Commission recommends making breach notifications compulsory in its upcoming review of the Privacy Act. At present, there are guidelines for organisations to voluntarily notify affected individuals. But mandatory notifications will add costs in the case of a breach, Kumar writes, which would incite companies to better protect data in the first place. Because some argue that mandatory breach notification has not been proven to reduce breaches, Kumar recommends a trial period of two years, after which a determination could be made.
If you want to comment on this post, you need to login.