Does Australia really need mandatory data breach notification laws - and if so, what kind?

Date of this Version


Document Type

Journal Article

Publication Details

Citation only

Smyth, S. (2013). Does Australia really need mandatory data breach notification laws - and if so, what kind? Journal of law and information science, 22(2), 1-24.

2013 HERDC submission. FoR code: 180106;180199

© Copyright, Smyth, S; Journal of Law, Information & Science and Faculty of Law, University of Tasmania, 2013





Mandatory data breach notification laws brought much-needed attention to areas of concern that were previously unknown, particularly organisational inadequacies regarding the security of personal information, and led to innovative organisational practices and regulatory initiatives. This is important given that there is little or no incentive for private and public organisations to report data breach information on their own, particularly given the fear of reputational sanctions. Yet, data breach notification laws can also bring publicity to breaches that are relatively minor, and not likely to have a significant impact given the low risk of identity theft, which can unnecessarily lead to costly legal action or regulatory enquiry.

This document is currently not available here.



This document has been peer reviewed.