Australia's long-awaited and long-delayed data breach notification laws are back on the political agenda, after the nation's House of Representatives passed the legislation yesterday.
The bill now before Australia's Senate is the rather limp document that landed in October 2016.
Companies will have the chance to keep mum about a breach, if they believe it's not going to harm anybody. As we noted last year, the explanatory memorandum puts it like this:
“It would not be appropriate for minor breaches to be notified,” the memorandum says, “because of the administrative burden that may place on entities, the risk of ‘notification fatigue’ on the part of individuals, and the lack of utility where notification does not facilitate harm mitigation.”
The Register understands that sending an email attachment to the wrong person would pass the "minor breach" test.
The laws were first mooted under a Labor government in 2012, but faded from view with the change of government in 2013. The idea was revived later that year, at which time Vulture South optimistically thought it would be legislated “soon”.
After the idea sat for another year on the legislative to-do list, a financial services inquiry dusted it off.
Former prime minister Tony Abbott's government then ignored the legislation for a couple of years. Current prime minister Malcolm Turnbull had other priorities after winning the job.
The Bill's passage will bring joy to security vendors, who lobbied hard for Australia to follow the many other nations that have introduced such laws. Those efforts were, of course, aimed at creating a wider market for data loss prevention tools and other products. In our interests. And those of vendors' shareholders. ®