[Chapter-delegates] ISOC approaches to privacy breach legislation?
Narelle Clark President ISOC-AU
President at isoc-au.org.au
Mon Jun 24 22:05:14 PDT 2013
On Sat, June 22, 2013 5:18 pm, Christine Runnegar wrote:
<snippage>
> What is the reaction across communities in Australia to the proposed
> legislation?
See below for a good summary from the Australian Financial Review today.
Note - ACCAN is my employer.
Narelle
Data breach disclosure bill not rushed: inquiry
James Hutchinson
A parliamentary committee has rebuffed industry allegations that the
federal government is rushing through legislation forcing companies to
publicly notify consumers of security breaches.
The Senate committee, which held a snap inquiry into the bill over six
days, voiced support for the proposed legislation on Monday afternoon as
the government seeks to pass dozens of bills before Parliament rises at
the end of the week.
The inquiry prompted concerns from industry groups Communications Alliance
and the Australian Bankers Association that the government was rushing
through legislation that would saddle large companies with greater
compliance costs and overlay cumbersome security standards.
Companies face fines of up to $1.7 million for serious or repeat offences
of the proposed law, or $340,000 for individuals, adding to the average
cost of $2.72 million research firm Ponemon said companies paid for
data breaches last year.
But the committee argued the companies had been afforded ample
opportunity to comment on the bill, which comes five years after the
Australian Law Reform Commission first recommended the introduction of
mandatory data breach disclosure in 2008.
The committee agrees that the proposed reform is long overdue and would
benefit Australian consumers, as well as industry stakeholders, who would
be simultaneously encouraged to effect and maintain high-quality data
security practices, it said.
The proposal, which follows similar moves in the United States and
elsewhere, has been championed by the security industry and consumer
groups as beneficial to consumers who may become victims of fraud as a
result, while allowing for a greater public conversation on the need for
security.
Breaches common
Consumer advocacy group the Australian Communications Consumer Action
Network pointed to repeated breaches of major telecommunications companies
as a reason to introduce the reforms.
But peak bodies said new regulations would force some companies to change
IT systems to monitor for potential breaches, or seek legal assurance on
when to disclose minor or major breaches of security.
Organisations will have to adjust existing compliance systems for
reporting and notification of serious data breaches significantly
affecting identifiable individuals without the knowledge of the scope of
other circumstances which are later defined by regulations, the ABA said
in a submission to the committee considering the proposal.
Communications Alliance, which represents companies including Telstra,
said industry consultation on the proposal had been rushed by the federal
government and companies would not be able to adjust their systems in
time to meet the new laws.
The implementation of a mandatory data breach system is likely to be
costly, it said.
This, of course, may depend on what current systems are in place within
each business, as well as the costs of ensuring compliance with a
mandatory scheme.
Other groups, such as the Australian Finance Conference, argued there was
no evidence for a market failure that required additional legislation.
from
http://www.afr.com/p/technology/data_breach_disclosure_bill_not_UWFMXBzTyL3QdZGgZ5KzAN