NSW considers breach bill
NSW Labor wants state government agencies to report any data breaches.
Shadow attorney general Paul Lynch put up a bill calling for a mandatory data breach notification scheme requiring state agencies to report to the NSW Privacy Commissioner within 15 days of a serious breach of privacy occurring, and complete an assessment within 30 days.
A similar mandatory scheme exists on the federal level, but state government organisations and local councils are not required to comply with it.
The proposed changes also include enhancing the powers of the NSW privacy commissioner to request information from agencies if it believes an agency has caused or contributed to a serious breach.
Mr Lynch said current laws, set up in 1998, “had not kept pace with the change in technology”.
“When the current privacy laws were introduced, there was no idea of how technology would develop,” he said.
“Smartphones didn’t exist and warrantless mass CCTV facial recognition technologies hadn’t been thought of. The law should be modernised and introduced to the world of big data.”
“Mandatory notification increases the transparency of government operation. It is also a useful way of reducing the likelihood of further breaches.”