Breach law raised in NSW
The NSW opposition wants to force state government agencies to report data breaches.
Shadow attorney general Paul Lynch has reintroduced a bill seeking to establish a mandatory data breach notification scheme in NSW, matching the federal government’s.
The Privacy and Personal Information Protection Amendment (Notification of Serious Violations of Privacy by Public Sector Agencies) Bill would require state agencies to inform affected parties and the NSW Privacy Commissioner of any “serious” breach of privacy.
The bill would empower the NSW privacy commissioner to request information from agencies if it believes the agency caused or contributed to a serious breach.
Current laws do not require state government organisations , local councils, and organisations with a turnover of less than $3 million a year to comply with the federal reporting scheme.
The new private members bill is almost identical to a bill that was shot down in November 2017 on the grounds that further research and consultation was needed.
“That opposition at the time was unpersuasive and the effluxion of time has made the case for the bill even stronger,” NSW shadow attorney general Paul Lynch said.
Mr Lynch said the amendment’s change the state’s PIPPA act “in a small but significant way that is entirely unobjectionable albeit now quite topical”.
“As is frequently noted our legislation protecting privacy in this State dates from a time before the invention of the iPhone,” he said.
“It is no surprise that the legislation needs amendment and rejuvenation.”
The federal government’s mandatory data breach reporting scheme received over 1,100 notifications in its first year of operation - a 712 percent increase on the 159 voluntary notification received before the scheme was introduced.