Still no timeframe for data breach laws
The Federal Government has missed its deadline to introduce privacy laws into parliament which need to be addressed before data breach notification laws can be considered.
In August 2008 the Federal Government released a 2700 page Australian Law Reform Commission (ALRC) report that recommended 295 changes to privacy laws and practices in Australia. The report was delivered to the Attorney-General on 30 May 2008 and was launched by then Cabinet Secretary Senator John Faulkner, and the Attorney-General, Robert McClelland, on 11 August 2008.
Included within the report were recommendations that a data breach notification law be introduced. Such a law would require companies and government agencies to alert customers if their data has been breached.
Since then, however, the government decided to break its response to the 295 recommendations into two parts. It would only address data breach notification law recommendations in the second stage of its response, after it had completed actioning a first stage which was to deal with 197 recommendations relating to various privacy topics unrelated to data breaches. These recommendations had a broad scope, ranging from how biometric information should be handled to regulations on using radio frequency identification (RFID) tags.
Faulkner told journalists in August 2008 that the government would be "able to legislate on the first stage in the next 12 to 18 months". Some 20 months later, the Federal Government has yet to legislate and has not yet issued exposure draft legislation, which means a further wait for the creation of data breach laws.
"This is a complex area of law and the Rudd Government is willing to put in the time necessary to get our reforms right," current Cabinet Secretary, Senator Joe Ludwig, told ZDNet.com.au in an emailed statement today. "We are currently developing exposure draft legislation to implement our reforms as part the government's first-stage response to the [Australian Law Reform Commission's] privacy report. We anticipate releasing the exposure draft legislation for public consultation through parliamentary committee later this year, and introducing the reforms into parliament as soon as possible after that."
The Department of the Prime Minister and Cabinet website currently states that the Federal Government will consider the second stage recommendations "once the first stages reforms have been progressed".