The Australian federal executive government recently proposed a new law requiring companies subject to the Privacy Act 1988 to issue a breach notification within 30 days of becoming aware of a breach, reports The Sydney Morning Herald. However, non-profits or companies with less than $3 million per year turnover are exempt from the Privacy Act. Therefore, many small companies would not need to notify affected individuals in the event of a breach. Critics of the bill suggest that the law should apply to companies based on the type of information they are collecting as opposed to turnover because many small companies collect and store significant personal information.
If you want to comment on this post, you need to login.