House of Representatives
Privacy Amendment (Notifiable Data Breaches) Bill 2016
Explanatory Memorandum
(Circulated by authority of the Attorney-General, Senator the Hon George Brandis QC)See at: http://www.alrc.gov.au/publications/report-108.
ALRC Report, paragraphs 51.52 - 51.56.
ALRC Report, paragraphs 51.3 and 51.14.
Data Security and Breach Notification Legislation : Selected Legal Issues , Congressional Research Service, December 28, 2015, p 3.
See the current version of the Data Breach Guide at: http://www.oaic.gov.au/privacy/privacy-resources/privacy-guides/data-breach-notification-a-guide-to-handling-personal-information-security-breaches.
See at: https://oaic.gov.au/agencies-and-organisations/guides/guide-to-developing-a-data-breach-response-plan.
Report of the Inquiry into Potential Reforms of Australia's National Security Legislation , Parliamentary Joint Committee on Intelligence and Security, Parliamentary Joint Committee on Intelligence and Security, 2013, pages 167-75.
Report of the Inquiry into Potential Reforms of Australia's National Security Legislation , Parliamentary Joint Committee on Intelligence and Security, 2013, pages 175.
Advisory report on the Telecommunications ( Interception and Access ) Amendment ( Data Retention ) Bill 2014 , 2015, pages 293-5.
See at: https://www.attorneygeneral.gov.au/Mediareleases/Pages/2015/FirstQuarter/Government-Response-To-Committee-Report-On-The-Telecommunications-Interception-And-Access-Amendment-Data-Retention-Bill.aspx.
See at: https://www.attorneygeneral.gov.au/Mediareleases/Pages/2014/FourthQuarter/30October2014-TelecommunicationsInterceptionAndAccessAmendmentDataRetentionBill2014.aspx.
Data Breach Guide, page 2.
Data Breach Guide, page 5.
Telstra Cyber Security Report 2014 , page 19.
Exposing the Cybersecurity Cracks : A Global Perspective Part 1 , Ponemon Institute, pages 2 and 9.
The Battle Continues : Working to Bridge the Data Security Chasm , Protiviti, page 12.
Community Attitudes to Privacy survey Research Report 2013 , Office of the Australian Information Commissioner, 2013 (Community Attitudes Report), page 5.
See at: https://www.oaic.gov.au/media-and-speeches/statements/catch-of-the-day-data-breach.
Attorney-General's Department, Identity Crime and Misuse in Australia 2013-14, p4 at https://www.ag.gov.au/RightsAndProtections/IdentitySecurity/Documents/Identity-Crime-and-Misuse-in-Australia-2013-14.pdf.
Identity crime and misuse in Australia : Key findings from the National Identity Crime and Misuse Measurement Framework Pilot , Attorney-General's Department, 2014, page 23.
Identity crime and misuse in Australia : Key findings from the National Identity Crime and Misuse Measurement Framework Pilot , Attorney-General's Department, 2014, page 23.
Following the Data : Dissecting Data Breaches and Debunking Myths, Huq, Numaan, page 7.
Following the Data : Dissecting Data Breaches and Debunking Myths , Huq, Numaan, pages 15-37.
ALRC Report, paragraph 51.4.
See, for example, at: https://www.oaic.gov.au/engage-with-us/submissions/mandatory-data-breach-notification-discussion-paper-submission-to-attorney-general-s-department and https://www.oaic.gov.au/engage-with-us/submissions/inquiry-into-privacy-amendment-privacy-alerts-bill-2013.
See: https://www.oaic.gov.au/engage-with-us/submissions/inquiry-into-privacy-amendment-privacy-alerts-bill-2013.
Telstra Cyber Security Report 2014 , page 30.
Turnaround and Transformation in Cybersecurity : Key Findings from the Global State of Information Security Survey 2016 , PwC, page 24.
LinkedIn Official Blog: Protecting Our Members , available at https://blog.linkedin.com/2016/05/18/protecting-our-members.
See at: https://www.oaic.gov.au/privacy-law/commissioner-initiated-investigation-reports/adobe-omi.
See at: http://www.oaic.gov.au/privacy/applying-privacy-law/enforceable-undertakings/singtel-optus-enforceable-undertaking.
See at: https://www.oaic.gov.au/privacy-law/commissioner-initiated-investigation-reports/dibp-omi.
See Sony Pictures Entertainment's notification to affected individuals (made in accordance with Californian mandatory data breach legislation) at: http://oag.ca.gov/system/files/12%2008%2014%20letter_0.pdf.
See at: https://www.oaic.gov.au/media-and-speeches/statements/catch-of-the-day-data-breach.
See at: https://www.opm.gov/news/releases/2015/07/opm-announces-steps-to-protect-federal-workers-and-others-from-cyber-threats/.
See at: https://www.oaic.gov.au/privacy-law/commissioner-initiated-investigation-reports/ashley-madison.
See at: https://www.oaic.gov.au/media-and-speeches/statements/kmart-australia-data-breach and https://www.oaic.gov.au/media-and-speeches/statements/david-jones-data-breach.
2015 Data Breach Investigations Report , Verizon (Verizon Report), page 1.
Internet Security Threat Report 20: Symantec, pages 78-81.
2015 Identity Fraud: Protecting Vulnerable Populations, Javelin Strategy & Research, 2015. See at: https://www.javelinstrategy.com/coverage-area/2015-identity-fraud-protecting-vulnerable-populations.
2016 Cost of Data Breach Study : Australia , Ponemon Institute (Ponemon Report), page 1.
2015 Identity Fraud : Protecting Vulnerable Populations , Javelin Strategy & Research, 2015.
Identity crime and misuse in Australia : Results of the 2014 online survey , Australian Institute of Criminology Research and Public Policy Series 130, pages iii, xi, 22.
Community Attitudes to Privacy survey Research Report 2013 , Office of the Australian Information Commissioner, 2013 (Community Attitudes Report), pages 3-5.
'Do Data Breach Disclosure Laws Reduce Identity Theft? (Updated)', Sasha Romanosky, Rahul Telang and Alessandro Acquisti, Journal of Policy Analysis and Management, Vol. 30, No. 2, pp. 256-286, 2011. See at: http://www.econinfosec.org/archive/weis2008/papers/Romanosky.pdf.
Ponemon Report, page 2-3.
Ponemon Report, page 1-2.
Deloitte Australian Privacy Index 2016 : Trust Without Borders , Deloitte, 2016 (Deloitte Report), page 11.
Consumer Attitudes Towards Data Breach Notifications , Rand Corporation, page 26.
See at: http://www.oaic.gov.au/privacy/applying-privacy-law/app-guidelines/.
See at: http://www.oaic.gov.au/privacy/privacy-resources/privacy-guides/guide-to-securing-personal-information.
Privacy and the Internet : Australian Attitudes Towards Privacy in the Online Environment , Centre for Internet Safety, 2012, page 1.
Ponemon Report, page 2.
2016 Cost of Data Breach Study : Global Analysis , Ponemon Institute, page 2.
Community Attitudes to Privacy Survey Research Report 2013 : OAIC.
The Battle Continues : Working to Bridge the Data Security Chasm , Protiviti, 2015, 23.
Ponemon Report, page 3.
Based on statistics AGD commissioned from the Australian Bureau of Statistics in 2013.
Deloitte Australian Privacy Index 2016 : Trust Without Borders , Deloitte, page 13.
Ponemon Report, pages 1-3.
Ponemon Report, page 14.
Ponemon Report, page 11.
Ponemon Report, page 12.
Ponemon Report, 1, 12.
Insurance Banana Skins 2015 : The CFSI Survey of the Risks Facing Insurers , PWC, pages 16-17.
Recent Australia Privacy Incidents Compared to Rest of World : Insurance Response , Lowenstein, Eric and Kevin Kalinich, Privacy Law Bulletin April 2015. Cyber Insurance Research Paper , Centre for Internet Safety, 2013, pages 7-8.
Turnaround and Transformation in Cybersecurity : Key Findings from the Global State of Information Security Survey 2016 , PwC, pages 15-16.
Hacks , attacks and outages cause surge in cyber insurance , Australian Financial Review, 23 August 2016.
Code Guidelines, pages 4-5.
Ponemon Report, page 9.
Data Breach Guide, page 8.
Ponemon Report, page 12.
Copyright notice
© Australian Taxation Office for the Commonwealth of Australia
You are free to copy, adapt, modify, transmit and distribute material on this website as you wish (but not in any way that suggests the ATO or the Commonwealth endorses you or any of your services or products).
