Stricter laws regarding data breach notifications have been highlighted as one key aspect which needs to be tackled under a multinational joint plan outlined by the US, UK, Canada, New Zealand and Australia.
Australia's government in particular has been accused of not keeping up with developments. Nigel Waters, the former Assistant UK Data Protection Registrar, commented, “The government has dragged its feet. I don’t think there’s any excuse for not acting on this.”
Timothy Pilgrim, the Australian privacy commissioner, when asked about bringing in a new policy, said, “it’s a useful tool that is going to give people the ability to have a greater understanding of what’s happening to their information, particularly if something goes wrong with it.”
Where no laws exist forcing organisations to admit when they have had a data loss, there is no way of keeping track of just how many incidents have occurred. In the past twelve months there have been 56 major incidents reported in Australia (a 27% increase compared to the year before).
In the US, for instance, organisations have to notify the trade commission within 60 days if personal information is compromised. In addition, the company which has lost data must specify exactly what data has been lost. Failure to admit a data loss results in the organisation being liable for US$11,000 per person, which peaks at approximately $5 million. In the UK, the Information Commissioner’s Office has the ability to impose penalties of up to £500,000.
It is essential that data losses are documented properly throughout the world in order to maintain a grasp on data management and security, and it is likely that the Australian government will take appropriate steps soon.