Australian Privacy Commissioner Karen Curtis last week renewed her call for the compulsory notification of data security breaches by Australian organisations.
Frustrated by continuing data breaches, Curtis said organisations need to be forced into securing data and their databases.
“While reporting would need to be proportional to the severity of the breach, it would provide organisations with a strong market incentive to adequately secure their databases,” Curtis said.
“It would also give people an opportunity to take any necessary steps to protect their personal information.”
Her call for mandatory reporting is made in a 786-page submission by the Office to the Australian Law Reform Commission in response to its privacy law review.
New Zealand Privacy Commissioner Marie Shroff is currently developing a voluntary code of practice to cover such breaches. Other recommendations in the Australian submission include creating codes for specific concerns that can be applied in addition to uniform privacy principles, as well as minimising exemptions from the Privacy Act.
Curtis also wants more stringent requirements for the health sector and credit reporting, and audit power for her office.
A final report responding to the discussion paper will be sent to the Australian Attorney General in coming months for consideration.