The Office of the Privacy Commissioner has released draft guidelines on how companies and governments should report breaches of privacy involving customer data. The Commissioner is seeking comments (by 16 June) on the draft Voluntary Information Security Breach Notification Guide.
When final, the Guide will assist the public and private sectors to be prepared and to respond effectively to an information security breach involving the unauthorised exposure of personal information. The Guide will also assist agencies and organisations to determine when it is appropriate to notify affected individuals about a breach.
At present there are no specific requirements under the Privacy Act for agencies and organisations to notify individuals of an information security breach. However, a proposal to make notification of information security breaches mandatory is being considered by the Australian Law Reform Commission in its Review of Privacy.