In a nationwide first, the NSW government is set to pass new legislation that introduces a mandatory notification of data breach scheme for public sector agencies, while also setting new accountability and transparency standards.
The Privacy and Personal Information Protection Amendment Bill 2022 has been a long time coming, with former privacy commissioner Elizabeth Coombs first calling seven years ago for changes that would require agencies to notify the privacy commission and affected persons in the event of a data breach.
“Every day, the people of NSW offer their personal information to government agencies, which is a significant undertaking of trust,” said Attorney-General Mark Speakman.
“In doing so, they enable the government to provide them with quality, connected services, and the information required to continually improve these services to best meet their needs.
“In return, the government has a responsibility to effectively and proactively protect and respect that personal information.
“Once passed, this new law will provide consistency across public sector agencies by making it mandatory for public sector agencies to notify the privacy commissioner and those impacted by a data breach involving personal information which is likely to result in serious harm,” added Speakman.
“Agencies will also have to satisfy a number of data management requirements, including making reasonable attempts to mitigate the harm done by a data breach, maintaining an internal data breach incident register, and having a publicly accessible data breach policy.”
Australia has become a major target of cyber crime in the last few months, with a barrage of breaches affecting Optus, Medibank, Defence contractor ForceNet and more.
According to the Australian National University, around one in three Australians (32.1 per cent) have been exposed to data breaches over the last 12 months. This equates to around 6.4 million people.
Victor Dominello, NSW Minister for Customer Service and Digital Government, has said that the government is making major investments in state cyber security and the protection of personal information and data.
“The protection of people’s privacy is crucial to ensure public confidence in NSW government agencies. It is imperative that the highest standards of privacy and security prevail to safeguard data,” Dominello said.
“The NSW government has made significant investments to protect citizens’ data, including funding $315 million to bolster our cyber systems and by launching ID Support NSW to help those impacted by identity theft.
“The bill will provide greater certainty for the public and government agencies regarding personal information and the steps required if a data breach occurs.
“A mandatory notification scheme also ensures that the ability for an affected citizen to take their own protective action is a primary consideration in any data breach response.”
The proposed legislation follows the federal government’s push to further penalise businesses and institutions for data breaches.
The federal bill, which has passed through the lower house, would mean that companies that fail to secure important data could face penalties of tens of millions to hundreds of millions of dollars.