Having just returned from holidays this week and readjusting to the reality of routines and digital connections (FYI: I was on a cruise ship for 11 days travelling around the South Pacific with no Internet connection for the most part and no concept of time all of the time!), I am a little dry on regional privacy news!

Thankfully over the last 48 hours, my news feed has been dominated by updates from the U.S. on President Barack Obama’s federal data breach notification proposal that would require companies to inform their customers of a data breach within 30 days of discovering their information has been hacked.

Never one to disappoint when it comes to coining great one-liners, Obama supplied my favourite quote in his announcement: “If we're going to be connected, then we need to be protected.” One minor variation—if I may—we are all connected, so we must all be protected.

Mandatory data breach reporting laws have been on the Australian political radar for some time, so we are all waiting for the next instalment. A brief timeline is below.

  • May 2008: The Australian Law Reform Commission recommended the introduction of laws that require organisations to notify authorities and affected individuals if a breach occurred and if those individuals could experience serious harm as a result.
  • June 2013: Labor Minister and Attorney-General Mark Dreyfus introduced the Privacy Amendment (Privacy Alerts) Bill 2013 to the House of Representatives. The bill made it to the Senate but ran out of time before it was able to receive the Senate’s approval.
  • 20 March 2014: Labor Sen. Lisa Singh reintroduced the bill to the Senate as the Privacy Amendment (Privacy Alerts) Bill 2014. To see the bill, visit www.aph.gov.au and search for “Privacy Amendment (Privacy Alerts) Bill 2014.” The 2014 bill has not had any public consultation.

There has been some criticism of the bill in its current form. The Cyberspace Law and Policy Centre, part of the University of New South Wales’ Faculty of Law, wrote that while a mandatory data breach notification scheme is “often helpful … The Privacy Alerts Bill is however a ‘lite’ version of a Mandatory Data Breach Notification law … Future international comparisons may show that, if passed in the current form, it will fall well short of best practice, and there may thus also be many Australians who might expect (and need!) to be notified under this model who may be still left in the current unsatisfactory limbo.”

Shortcomings or not, one thing seems inevitable: an international trend to reinforce the accountability of organisations for consumer privacy, as custodians of data that generates lucrative opportunities for business as well as facilitating consumer convenience. While reinforcing this as a top priority is helpful, it raises the question of whether such laws would have the necessary enforcement teeth to be effective rather than simply being a PR exercise.

So, a race to the finish line ... Australia certainly has a head start with proposed laws circulating the parliamentary horizon for some time. Do President Obama’s legislative proposals have sufficient ‘oomph’ to get through Congress?

'Til next week, when I should have collected some more regional news!