The introduction of data breach notification legislation in Australia: a comparative view

Angela Daly*

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

15 Citations (Scopus)
20 Downloads (Pure)

Abstract

This article argues that Australia's recently-passed data breach notification legislation, the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth), and its coming into force in 2018, makes an internationally important, yet imperfect, contribution to data breach notification law. Against the backdrop of data breach legislation in the United States and European Union, a comparative analysis is undertaken between these jurisdictions and the Australian scheme to elucidate this argument. Firstly, some context to data breach notification provisions is offered, which are designed to address some of the problems data breaches cause for data privacy and information security. There have been various prominent data breaches affecting Australians over the last few years, which have led to discussion of what can be done to deal with their negative effects. The international context of data breach notification legislation will be discussed, with a focus on the United States and European Union jurisdictions, which have already adopted similar laws. The background to the adoption of the Australia legislation will be examined, including the general context of data privacy and security protection in Australia. The reform itself will be then be considered, along with the extent to which this law is fit for purpose and some outstanding concerns about its application. While data breach notification requirements are likely to be a positive step for data security, further reform is probably necessary to ensure strong cybersecurity. However, such reform should be cognisant of the international trends towards the adoption of data security measures including data breach notification, but lack of alignment in standards, which may be burdensome for entities operating in the transnational data economy.

Original languageEnglish
Pages (from-to)477-495
Number of pages19
JournalComputer Law and Security Review
Volume34
Issue number3
Early online date6 Mar 2018
DOIs
Publication statusPublished - 1 Jun 2018

Keywords

  • Australia
  • data breach notification
  • data protection
  • data security
  • European Union
  • FTC
  • GDPR
  • US

Fingerprint

Dive into the research topics of 'The introduction of data breach notification legislation in Australia: a comparative view'. Together they form a unique fingerprint.

Cite this