Labor would bring on data breach-notification laws 'as soon as practicable'

Under a Shorten Labor government, Australia may finally receive data breach-notification laws.

Should Labor win the impending July 2 election, Shadow Attorney-General Mark Dreyfus has said the incoming government would look to get the stalled data breach-notification laws passed with support from the conservative parties.

"Mandatory data breach legislation was a Labor commitment, and it is one that we maintain," Dreyfus told ZDNet.

"If elected, a Labor government would once again bring forward the legislation as soon as practicable, with the expectation of bipartisan support."

Australia is currently without data breach-notification laws, despite the Joint Parliamentary Committee on Intelligence and Security recommending in February 2015 that Australia have data-breach notification laws in place before the end of 2015, prior to the implementation phase of the data-retention laws that Labor voted to introduce.

Under Australia's data-retention laws, approved law-enforcement agencies are able to warrantlessly access two years' worth of customers' call records, location information, IP addresses, billing information, and other data stored by telcos.

Australian Greens Senator Scott Ludlam said the need for data breach notification became more urgent once Labor joined with the government to "ramp up surveillance of every Australian" by passing the data-retention laws.

"It's encouraging to hear that Labor have committed to passing data breach notification, a mere three years after it was first debated in the Senate prior to the election of Tony Abbott," Ludlam said.

"Attorney-General George Brandis committed to legislate data breach notification before the end of 2016. Liberal Senator Scott Ryan said the Bill will be introduced in the first half of the year. We still don't have a Bill.

"The least Labor can do now is to keep people informed when that data is compromised."

On Thursday, Prime Minister Malcolm Turnbull called for more communication around computer security breaches as a method to protect others.

"It's very important that we have a more open culture in this area, and we have to lead by example," Turnbull told reporters after launching the government's AU$240 million Cyber Security Strategy.

"It's only when people acknowledge there has been a breach that we can actually learn from it and everyone can learn from it ... Often this is because of a flaw in a software system that is widely used, and so the more we understand about what has happened in one place enables us to protect the others."

Plans to introduce a data breach-notification scheme stalled when Labor was last in government in 2013, but that did not stop Dreyfus from hitting out at Turnbull yesterday.

"Three years after mandatory data breach-notification legislation was introduced into the Parliament by the Labor government, the Liberal Party is set to squib it on this important cybersecurity measure once again," Shadow Attorney-General Mark Dreyfus said.

"As Mr Turnbull announces the beefing up of national cybersecurity defences, he has once again let down Australians on their individual cybersafety. It is ridiculous that the Abbott-Turnbull government has failed to pass what should be an uncontroversial measure after three years of government."