House of Representatives
Privacy Amendment (Notifiable Data Breaches) Bill 2016
Explanatory Memorandum
(Circulated by authority of the Attorney-General, Senator the Hon George Brandis QC)See at: http://www.alrc.gov.au/publications/report-108.
ALRC Report, paragraphs 51.52 - 51.56.
ALRC Report, paragraphs 51.3 and 51.14.
Data Security and Breach Notification Legislation : Selected Legal Issues , Congressional Research Service, December 28, 2015, p 3.
See the current version of the Data Breach Guide at: http://www.oaic.gov.au/privacy/privacy-resources/privacy-guides/data-breach-notification-a-guide-to-handling-personal-information-security-breaches.
See at: https://oaic.gov.au/agencies-and-organisations/guides/guide-to-developing-a-data-breach-response-plan.
Report of the Inquiry into Potential Reforms of Australia's National Security Legislation , Parliamentary Joint Committee on Intelligence and Security, Parliamentary Joint Committee on Intelligence and Security, 2013, pages 167-75.
Report of the Inquiry into Potential Reforms of Australia's National Security Legislation , Parliamentary Joint Committee on Intelligence and Security, 2013, pages 175.
Advisory report on the Telecommunications ( Interception and Access ) Amendment ( Data Retention ) Bill 2014 , 2015, pages 293-5.
See at: https://www.attorneygeneral.gov.au/Mediareleases/Pages/2015/FirstQuarter/Government-Response-To-Committee-Report-On-The-Telecommunications-Interception-And-Access-Amendment-Data-Retention-Bill.aspx.
See at: https://www.attorneygeneral.gov.au/Mediareleases/Pages/2014/FourthQuarter/30October2014-TelecommunicationsInterceptionAndAccessAmendmentDataRetentionBill2014.aspx.
Data Breach Guide, page 2.
Data Breach Guide, page 5.
Telstra Cyber Security Report 2014 , page 19.
Exposing the Cybersecurity Cracks : A Global Perspective Part 1 , Ponemon Institute, pages 2 and 9.
The Battle Continues : Working to Bridge the Data Security Chasm , Protiviti, page 12.
Community Attitudes to Privacy survey Research Report 2013 , Office of the Australian Information Commissioner, 2013 (Community Attitudes Report), page 5.
See at: https://www.oaic.gov.au/media-and-speeches/statements/catch-of-the-day-data-breach.
Attorney-General's Department, Identity Crime and Misuse in Australia 2013-14, p4 at https://www.ag.gov.au/RightsAndProtections/IdentitySecurity/Documents/Identity-Crime-and-Misuse-in-Australia-2013-14.pdf.
Identity crime and misuse in Australia : Key findings from the National Identity Crime and Misuse Measurement Framework Pilot , Attorney-General's Department, 2014, page 23.
Identity crime and misuse in Australia : Key findings from the National Identity Crime and Misuse Measurement Framework Pilot , Attorney-General's Department, 2014, page 23.
Following the Data : Dissecting Data Breaches and Debunking Myths, Huq, Numaan, page 7.
Following the Data : Dissecting Data Breaches and Debunking Myths , Huq, Numaan, pages 15-37.
ALRC Report, paragraph 51.4.
See, for example, at: https://www.oaic.gov.au/engage-with-us/submissions/mandatory-data-breach-notification-discussion-paper-submission-to-attorney-general-s-department and https://www.oaic.gov.au/engage-with-us/submissions/inquiry-into-privacy-amendment-privacy-alerts-bill-2013.
See: https://www.oaic.gov.au/engage-with-us/submissions/inquiry-into-privacy-amendment-privacy-alerts-bill-2013.
Telstra Cyber Security Report 2014 , page 30.
Turnaround and Transformation in Cybersecurity : Key Findings from the Global State of Information Security Survey 2016 , PwC, page 24.
LinkedIn Official Blog: Protecting Our Members , available at https://blog.linkedin.com/2016/05/18/protecting-our-members.
See at: https://www.oaic.gov.au/privacy-law/commissioner-initiated-investigation-reports/adobe-omi.
See at: http://www.oaic.gov.au/privacy/applying-privacy-law/enforceable-undertakings/singtel-optus-enforceable-undertaking.
See at: https://www.oaic.gov.au/privacy-law/commissioner-initiated-investigation-reports/dibp-omi.
See Sony Pictures Entertainment's notification to affected individuals (made in accordance with Californian mandatory data breach legislation) at: http://oag.ca.gov/system/files/12%2008%2014%20letter_0.pdf.
See at: https://www.oaic.gov.au/media-and-speeches/statements/catch-of-the-day-data-breach.
See at: https://www.opm.gov/news/releases/2015/07/opm-announces-steps-to-protect-federal-workers-and-others-from-cyber-threats/.
See at: https://www.oaic.gov.au/privacy-law/commissioner-initiated-investigation-reports/ashley-madison.
See at: https://www.oaic.gov.au/media-and-speeches/statements/kmart-australia-data-breach and https://www.oaic.gov.au/media-and-speeches/statements/david-jones-data-breach.
2015 Data Breach Investigations Report , Verizon (Verizon Report), page 1.
Internet Security Threat Report 20: Symantec, pages 78-81.
2015 Identity Fraud: Protecting Vulnerable Populations, Javelin Strategy & Research, 2015. See at: https://www.javelinstrategy.com/coverage-area/2015-identity-fraud-protecting-vulnerable-populations.
2016 Cost of Data Breach Study : Australia , Ponemon Institute (Ponemon Report), page 1.
2015 Identity Fraud : Protecting Vulnerable Populations , Javelin Strategy & Research, 2015.
Identity crime and misuse in Australia : Results of the 2014 online survey , Australian Institute of Criminology Research and Public Policy Series 130, pages iii, xi, 22.
Community Attitudes to Privacy survey Research Report 2013 , Office of the Australian Information Commissioner, 2013 (Community Attitudes Report), pages 3-5.
'Do Data Breach Disclosure Laws Reduce Identity Theft? (Updated)', Sasha Romanosky, Rahul Telang and Alessandro Acquisti, Journal of Policy Analysis and Management, Vol. 30, No. 2, pp. 256-286, 2011. See at: http://www.econinfosec.org/archive/weis2008/papers/Romanosky.pdf.
Ponemon Report, page 2-3.
Ponemon Report, page 1-2.
Deloitte Australian Privacy Index 2016 : Trust Without Borders , Deloitte, 2016 (Deloitte Report), page 11.
Consumer Attitudes Towards Data Breach Notifications , Rand Corporation, page 26.
See at: http://www.oaic.gov.au/privacy/applying-privacy-law/app-guidelines/.
See at: http://www.oaic.gov.au/privacy/privacy-resources/privacy-guides/guide-to-securing-personal-information.
Privacy and the Internet : Australian Attitudes Towards Privacy in the Online Environment , Centre for Internet Safety, 2012, page 1.
Ponemon Report, page 2.
2016 Cost of Data Breach Study : Global Analysis , Ponemon Institute, page 2.
Community Attitudes to Privacy Survey Research Report 2013 : OAIC.
The Battle Continues : Working to Bridge the Data Security Chasm , Protiviti, 2015, 23.
Ponemon Report, page 3.
Based on statistics AGD commissioned from the Australian Bureau of Statistics in 2013.
Deloitte Australian Privacy Index 2016 : Trust Without Borders , Deloitte, page 13.
Ponemon Report, pages 1-3.
Ponemon Report, page 14.
Ponemon Report, page 11.
Ponemon Report, page 12.
Ponemon Report, 1, 12.
Insurance Banana Skins 2015 : The CFSI Survey of the Risks Facing Insurers , PWC, pages 16-17.
Recent Australia Privacy Incidents Compared to Rest of World : Insurance Response , Lowenstein, Eric and Kevin Kalinich, Privacy Law Bulletin April 2015. Cyber Insurance Research Paper , Centre for Internet Safety, 2013, pages 7-8.
Turnaround and Transformation in Cybersecurity : Key Findings from the Global State of Information Security Survey 2016 , PwC, pages 15-16.
Hacks , attacks and outages cause surge in cyber insurance , Australian Financial Review, 23 August 2016.
Code Guidelines, pages 4-5.
Ponemon Report, page 9.
Data Breach Guide, page 8.
Ponemon Report, page 12.