Pilgrim: mandatory data breach notifications to ‘strengthen community trust’

Information commissioner Timothy Pilgrim is pleased that a mandatory data breach notification clause has finally been inserted into the federal Privacy Act, and is beginning a 12-month awareness campaign for organisations covered by the new regime.

In 2015-16, 107 voluntary data breach notifications crossed Pilgrim’s desk, with more coming from Commonwealth government bodies than any other sector.

The standard for when organisations covered by the act will have to come clean about unauthorised access, disclosure or loss of personal information to the victims and the commissioner rests on what the consequences could be. According to the explanatory memo:

“A data breach is an eligible data breach where a reasonable person would conclude that there is a likely risk of serious harm to any of the affected individuals as a result of the unauthorised access or unauthorised disclosure (assuming, in the case of loss of information, that the access or disclosure occurred).”
