Australian Privacy Commissioner, Karen Curtis, has called for mandatory reporting of major data security breaches following a series of high-profile incidents in the UK.
Curtis's comments were made in a submission to the Australian Law Reform Commission (ALRC) as part of its review of Australian privacy laws, in the wake of a spate of highly publicised and substantial public data breaches in the UK -- most recently involving the loss of a laptop containing the personal details of 600,000 current and prospective British Navy and Air Force recruits. The Privacy Commissioner said that the recurring incidents in the UK have compelled her to restate the organisation's call for compulsory notification of major breaches.
"While reporting would need to be proportional to the severity of the breach, it would provide organisations with a strong market incentive to adequately secure their databases," she said in a statement.
"It would also give people an opportunity to take any necessary steps to protect their personal information."
Professor Les McCrimmon, head of ALRC's privacy review, said the organisation will be looking at all the submissions that have come in on that discussion paper ahead of filing the final report in March.
McCrimmon told ZDNet.com.au that the Commissioner's announcement today had been taken into account, but that the ALRC was unable to provide any further comment ahead of publishing its full report for the Attorney General in March.
The Office of the Privacy Commissioner also used its submission to publicise its other recommendations to the ALRC, including maintaining a technology-neutral approach to reform and minimising exemptions from the Privacy Act.