Banking Day

Credit providers included in new mandatory data breach reporting rules

07 September 2016 4:13PM
The Australian Government's legislative timetable for the current sitting of Parliament includes the passage of new mandatory data breach requirements.

The Government plans to introduce the Privacy Amendment (Notification of Serious Data Breaches) Bill 2015, which sets out mandatory breach notification provisions for entities regulated by the Privacy Act, including credit reporting bodies and credit providers.

When a business suffers a breach of secure information, accidental loss of data or negligent or improper disclosure of information, it will have to inform anyone affected as well as the Office of the Australian Information Commissioner.

The amendment includes a detailed description of the types of credit information covered, ranging from credit card details to credit reports.

Financial institutions will be responsible for breach reporting if they have provided credit data to an overseas entity and that entity suffers a breach.

The purpose of breach reporting is to give people affected an opportunity to take steps to mitigate any loss or harm by changing passwords, cancelling accounts and so on.

Organisations reporting breaches will be required to assist affected individuals to take remedial steps, such as issuing new passwords.

A breach is a serious data breach when there is "a real risk of serious harm to the individual." Serious harm includes physical, psychological, emotional, economic and financial harm, as well as harm to reputation.

Notification will be compulsory unless it would affect a law enforcement investigation or is deemed by the regulator to be contrary to the public interest.

The OAIC will have the power to issue directions to organisations to issue breach notifications in situations where it judges that a serious breach has occurred and no notification has been made.

Mandatory data breach reporting has been on the legislative agenda for some time.

In 2013 the Australian Privacy Commissioner criticised the existing voluntary reporting system, saying that notifications had fallen despite an increase in the frequency of data breaches.

The commissioner said in a statement: "The last couple of years have seen a number of high-profile data breaches and subsequent own motion investigations initiated by me, and research suggests that the frequency of data breaches in Australia has grown.

"Despite this upward trend, the Office of the Australian Information Commissioner only received 46 data breach notifications in 2011/12, an 18 per cent decrease from the previous year.

"I am concerned that we are only being notified of a small percentage of serious data breaches that are occurring."

The Labor Government introduced a mandatory reporting bill the same year but an election intervened and the bill lapsed.

Copyright © WorkDay Media 2003-2025.

Banking Day is a WorkDay Media publication
