ADMA critical of plans for compulsory data breach notifications

CEO Jodie Sangster lambasts Australian Government for plans to impose mandatory data breach notifications on top of coming privacy laws and claims they threaten Australian business prosperity

The chief of the Association for Data-driven Marketing and Advertising (ADMA) has lambasted Federal Government plans to impose compulsory data breach notifications as a threat to the prosperity of hundreds of thousands of Australian businesses.

The data breach notification bill, officially known as the Privacy Amendments (Privacy Alerts) Bill 2013, had its first reading in parliament last month. If passed, it was originally expected to come into legislative effect in March 2014 alongside the Australian Privacy Principles. The bill will require government agencies and private organisations to notify customers of serious data breaches relating to personal, credit reporting, credit eligibility or tax file number information as they occur.

ADMA however anticipates the bill could be referred to a Senate Committee later this week and could pass early next week given the government controls the committee.

ADMA CEO, Jodie Sangster, claimed compulsory data breach reporting will impose more layers of regulation on Australian businesses, potentially causing administrative overload and impeding their ability to be globally competitive.

“This is ill-considered law,” she said. “It comes at a time when businesses large and small are already grappling with the most extensive changes to privacy legislation seen in the last 10 years. And now the government intends to impose yet more legislation without even considering the impact on business.

“Not only are there significant new compliance requirements under the recently adopted Privacy Law, under this new law businesses will face mandatory breach reporting.”

According to Sangster, the industry already has clear and comprehensive guidelines on data notification breaches that are working well, and that companies have been responsive to these. She also questioned the lack of clarity around what ‘serious harm’ meant, especially given the threat of up to $1.7 million fines for non-compliance.

“There is a danger that businesses will err on the side of caution and over-report data breaches,” she continued.

In a recent speech, Attorney General Mark Dreyfus cited a report from McAfee claiming 21 per cent of Australian businesses had suffered data breaches. Sangster noted more than 2.1m businesses were trading in Australia last year, meaning the number of potential data privacy breach investigations could reach 450,000 – an unworkable figure for businesses, consumers and the regulator.

“There is no evidence of systemic failure to justify this kind of proactive reporting regime,” Sangster claimed. “If the Government is going to make any changes to the current regime it needs to go through proper consideration and consultation. Businesses have enough on their plate trying to prepare for new privacy laws coming into effect in a matter of months. Let’s get that right and then we can look at what more needs to be done. What’s the big rush?

“This will have negative economic consequences for the country at a time when the Government should be looking to support business and boost the wider economy,” she added.

Follow CMO on Twitter: @CMOAustralia, take part in the CMO Australia conversation on LinkedIn: CMO Australia, or join us on Facebook: https://www.facebook.com/CMOAustralia

2 Comments

Privacy Paul

1

I think that the data breach notification and privacy laws are very important and have been in place in other jurisdictions globally since 2002. The impact to business although seemingly daunting is not. If you use personally identifiable data as part of how you transact in your business you have an obligation to protect it in use and at rest. Identity theft is on the rise and with 1 in 4 affected by a data breach event. If ADMA wishes to use personal data to generate revenue, then they must protect it or face the penalties from statutory and civil bodies for not doing so.

RA

2

This person has no idea. What regulations are impeding business now?

Comments are now closed.

Supporting Association

App Discovery is a huge problem. Here is a 101 Guide to help solve it! https://www.linkedin.com/today/post/article/20140712034258-264557...

Robert Haastrup-Timmi

Mobile marketing strategy: To app or not to app?

Read more

Thanks Chris for your feedback - I suspect that your view is one of business services, not just marketing, as was our original propositio...

Nadia Cameron

Mobile marketing strategy: To app or not to app?

Read more

This is an interesting article, but in my mind there's actually 3 kinds of apps not two: 1. Marketing, Campaign or Activation Resul...

Chris Inch

Mobile marketing strategy: To app or not to app?

Read more

For both apps, drivers and non-drivers, we measure both registration and usage. For online or mobile leads, our call centre checks the so...

Jörg Dietzel

Why Audi of Korea is spending a quarter of its marketing budget on mobile

Read more

Great article!

Senor Belvitos

BelVita Australian brand chief: Marketers need an entrepreneurial mindset

Read more

Sign in