Does Australia really need mandatory data breach notification laws - and if so, what kind?
Date of this Version
Mandatory data breach notification laws brought much-needed attention to areas of concern that were previously unknown, particularly organisational inadequacies regarding the security of personal information, and led to innovative organisational practices and regulatory initiatives. This is important given that there is little or no incentive for private and public organisations to report data breach information on their own, particularly given the fear of reputational sanctions.137 Yet, data breach notification laws can also bring publicity to breaches that are relatively minor, and not likely to have a significant impact given the low risk of identity theft, which can unnecessarily lead to costly legal action or regulatory enquiry.
This document has been peer reviewed.