With the discussion again starting about Australia’s position on Mandatory Data Breach Disclosure (http://bit.ly/1avVg7H), we presented the following to the government in 2012 when RFC was opened in regards to this potential legislation. What are your thoughts?
The following are our [Securus Global] thoughts on Mandatory Data Breach Notification, in response to the Discussion Paper: Australian Privacy Breach Notification (Oct, 2012).
Organisations most likely to be affected by the introduction of such laws also tend to already have better information security and privacy policies in place.
Where we are coming from: If you have good practices and controls in place, you’re probably also more likely to detect a breach and would, under these new laws, have to openly disclose. (Fair enough).