Thursday, June 05, 2008

Draft Voluntary Information Security Breach Notification Guide

The Office of the Privacy Commissioner has released a consultation paper seeking views on a draft voluntary information security breach notification guide. The Privacy Act 1988 (Cth) does not specifically require an agency or organisation to notify individuals or the Privacy Commissioner of a breach of information security. However, an amendment to the Privacy Act to require mandatory data breach notification is under consideration as part of the Australian Law Reform Commission’s review of privacy. The Office has developed a voluntary guide to assist agencies and organisations to respond to information security breaches and take steps to prevent such incidents from occurring. The move follows several major high-profile data breaches in the United Kingdom and the United States, which have collectively resulted in the loss of millions of people’s personal information.
Comments are invited by 16 June and may be emailed to