No one disputes that data privacy breaches pose a serious threat to cyber safety – least of all businesses who are often the victims. But is more government red tape in the form of mandatory data breach reporting really the fix?
The Federal Government wants businesses to report in to the Privacy Commissioner every time they experience a ‘serious’ data privacy breach. But how serious is ‘serious’? They don’t tell us. Instead, they say: “Report your breaches, and we will tell you if they are serious or not”
When the Attorney General Mark Dreyfus spoke at a privacy conference in Sydney recently, he cited a report from McAfee claiming 21 per cent of Australian businesses had suffered data breaches. Well let’s see: in 2012 there were 2,141,280 businesses trading in Australia. That means the Privacy Commissioner can expect to be investigating 449,669 potential data privacy breaches once mandatory positive reporting takes effect. Good luck to him.