House of Representatives

Privacy Amendment (Notifiable Data Breaches) Bill 2016

Explanatory Memorandum

(Circulated by authority of the Attorney-General, Senator the Hon George Brandis QC)

See at: http://www.alrc.gov.au/publications/report-108.

ALRC Report, paragraphs 51.52 - 51.56.

ALRC Report, paragraphs 51.3 and 51.14.

Data Security and Breach Notification Legislation: Selected Legal Issues, Congressional Research Service, December 28, 2015, p 3.

See the current version of the Data Breach Guide at: http://www.oaic.gov.au/privacy/privacy-resources/privacy-guides/data-breach-notification-a-guide-to-handling-personal-information-security-breaches.

See at: https://oaic.gov.au/agencies-and-organisations/guides/guide-to-developing-a-data-breach-response-plan.

Report of the Inquiry into Potential Reforms of Australia's National Security Legislation, Parliamentary Joint Committee on Intelligence and Security, 2013, pages 167-75.

Report of the Inquiry into Potential Reforms of Australia's National Security Legislation, Parliamentary Joint Committee on Intelligence and Security, 2013, page 175.

Advisory report on the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014, 2015, pages 293-5.

See at: https://www.attorneygeneral.gov.au/Mediareleases/Pages/2015/FirstQuarter/Government-Response-To-Committee-Report-On-The-Telecommunications-Interception-And-Access-Amendment-Data-Retention-Bill.aspx.

See at: https://www.attorneygeneral.gov.au/Mediareleases/Pages/2014/FourthQuarter/30October2014-TelecommunicationsInterceptionAndAccessAmendmentDataRetentionBill2014.aspx.

Data Breach Guide, page 2.

Data Breach Guide, page 5.

Telstra Cyber Security Report 2014, page 19.

Exposing the Cybersecurity Cracks: A Global Perspective Part 1, Ponemon Institute, pages 2 and 9.

The Battle Continues: Working to Bridge the Data Security Chasm, Protiviti, page 12.

Community Attitudes to Privacy survey Research Report 2013, Office of the Australian Information Commissioner, 2013 (Community Attitudes Report), page 5.

See at: https://www.oaic.gov.au/media-and-speeches/statements/catch-of-the-day-data-breach.

Attorney-General's Department, Identity Crime and Misuse in Australia 2013-14, p4 at https://www.ag.gov.au/RightsAndProtections/IdentitySecurity/Documents/Identity-Crime-and-Misuse-in-Australia-2013-14.pdf.

Identity crime and misuse in Australia: Key findings from the National Identity Crime and Misuse Measurement Framework Pilot, Attorney-General's Department, 2014, page 23.

Identity crime and misuse in Australia: Key findings from the National Identity Crime and Misuse Measurement Framework Pilot, Attorney-General's Department, 2014, page 23.

Following the Data: Dissecting Data Breaches and Debunking Myths, Huq, Numaan, page 7.

Following the Data: Dissecting Data Breaches and Debunking Myths, Huq, Numaan, pages 15-37.

ALRC Report, paragraph 51.4.

See, for example, at: https://www.oaic.gov.au/engage-with-us/submissions/mandatory-data-breach-notification-discussion-paper-submission-to-attorney-general-s-department and https://www.oaic.gov.au/engage-with-us/submissions/inquiry-into-privacy-amendment-privacy-alerts-bill-2013.

See: https://www.oaic.gov.au/engage-with-us/submissions/inquiry-into-privacy-amendment-privacy-alerts-bill-2013.

Telstra Cyber Security Report 2014, page 30.

Turnaround and Transformation in Cybersecurity: Key Findings from the Global State of Information Security Survey 2016, PwC, page 24.

LinkedIn Official Blog: Protecting Our Members, available at https://blog.linkedin.com/2016/05/18/protecting-our-members.

See at: https://www.oaic.gov.au/privacy-law/commissioner-initiated-investigation-reports/adobe-omi.

See at: http://www.oaic.gov.au/privacy/applying-privacy-law/enforceable-undertakings/singtel-optus-enforceable-undertaking.

See at: https://www.oaic.gov.au/privacy-law/commissioner-initiated-investigation-reports/dibp-omi.

See Sony Pictures Entertainment's notification to affected individuals (made in accordance with Californian mandatory data breach legislation) at: http://oag.ca.gov/system/files/12%2008%2014%20letter_0.pdf.

See at: https://www.oaic.gov.au/media-and-speeches/statements/catch-of-the-day-data-breach.

See at: https://www.opm.gov/news/releases/2015/07/opm-announces-steps-to-protect-federal-workers-and-others-from-cyber-threats/.

See at: https://www.oaic.gov.au/privacy-law/commissioner-initiated-investigation-reports/ashley-madison.

See at: https://www.oaic.gov.au/media-and-speeches/statements/kmart-australia-data-breach and https://www.oaic.gov.au/media-and-speeches/statements/david-jones-data-breach.

2015 Data Breach Investigations Report, Verizon (Verizon Report), page 1.

Internet Security Threat Report 20: Symantec, pages 78-81.

2015 Identity Fraud: Protecting Vulnerable Populations, Javelin Strategy & Research, 2015. See at: https://www.javelinstrategy.com/coverage-area/2015-identity-fraud-protecting-vulnerable-populations.

2016 Cost of Data Breach Study: Australia, Ponemon Institute (Ponemon Report), page 1.

2015 Identity Fraud: Protecting Vulnerable Populations, Javelin Strategy & Research, 2015.

Identity crime and misuse in Australia: Results of the 2014 online survey, Australian Institute of Criminology Research and Public Policy Series 130, pages iii, xi, 22.

Community Attitudes to Privacy survey Research Report 2013, Office of the Australian Information Commissioner, 2013 (Community Attitudes Report), pages 3-5.

'Do Data Breach Disclosure Laws Reduce Identity Theft? (Updated)', Sasha Romanosky, Rahul Telang and Alessandro Acquisti, Journal of Policy Analysis and Management, Vol. 30, No. 2, pp. 256-286, 2011. See at: http://www.econinfosec.org/archive/weis2008/papers/Romanosky.pdf.

Ponemon Report, pages 2-3.

Ponemon Report, pages 1-2.

Deloitte Australian Privacy Index 2016: Trust Without Borders, Deloitte, 2016 (Deloitte Report), page 11.

Consumer Attitudes Towards Data Breach Notifications, Rand Corporation, page 26.

See at: http://www.oaic.gov.au/privacy/applying-privacy-law/app-guidelines/.

See at: http://www.oaic.gov.au/privacy/privacy-resources/privacy-guides/guide-to-securing-personal-information.

Privacy and the Internet: Australian Attitudes Towards Privacy in the Online Environment, Centre for Internet Safety, 2012, page 1.

Ponemon Report, page 2.

2016 Cost of Data Breach Study: Global Analysis, Ponemon Institute, page 2.

Community Attitudes to Privacy Survey Research Report 2013: OAIC.

The Battle Continues: Working to Bridge the Data Security Chasm, Protiviti, 2015, 23.

Ponemon Report, page 3.

Based on statistics AGD commissioned from the Australian Bureau of Statistics in 2013.

Deloitte Australian Privacy Index 2016: Trust Without Borders, Deloitte, page 13.

Ponemon Report, pages 1-3.

Ponemon Report, page 14.

Ponemon Report, page 11.

Ponemon Report, page 12.

Ponemon Report, 1, 12.

Insurance Banana Skins 2015: The CFSI Survey of the Risks Facing Insurers, PWC, pages 16-17.

Recent Australia Privacy Incidents Compared to Rest of World: Insurance Response, Lowenstein, Eric and Kevin Kalinich, Privacy Law Bulletin April 2015. Cyber Insurance Research Paper, Centre for Internet Safety, 2013, pages 7-8.

Turnaround and Transformation in Cybersecurity: Key Findings from the Global State of Information Security Survey 2016, PwC, pages 15-16.

Hacks, attacks and outages cause surge in cyber insurance, Australian Financial Review, 23 August 2016.

Code Guidelines, pages 4-5.

Ponemon Report, page 9.

Data Breach Guide, page 8.

Ponemon Report, page 12.

