ADMA critical of plans for compulsory data breach notifications

CEO Jodie Sangster lambasts Australian Government for plans to impose mandatory data breach notifications on top of coming privacy laws and claims they threaten Australian business prosperity

The chief of the Association for Data-driven Marketing and Advertising (ADMA) has lambasted Federal Government plans to impose compulsory data breach notifications as a threat to the prosperity of hundreds of thousands of Australian businesses.

The data breach notification bill, officially known as the Privacy Amendment (Privacy Alerts) Bill 2013, had its first reading in parliament last month. If passed, it was originally expected to come into legislative effect in March 2014 alongside the Australian Privacy Principles. The bill will require government agencies and private organisations to notify customers of serious data breaches relating to personal, credit reporting, credit eligibility or tax file number information as they occur.

ADMA, however, anticipates the bill could be referred to a Senate Committee later this week and could pass early next week, given the government controls the committee.

ADMA CEO, Jodie Sangster, claimed compulsory data breach reporting will impose more layers of regulation on Australian businesses, potentially causing administrative overload and impeding their ability to be globally competitive.

“This is ill-considered law,” she said. “It comes at a time when businesses large and small are already grappling with the most extensive changes to privacy legislation seen in the last 10 years. And now the government intends to impose yet more legislation without even considering the impact on business.

“Not only are there significant new compliance requirements under the recently adopted Privacy Law, under this new law businesses will face mandatory breach reporting.”

According to Sangster, the industry already has clear and comprehensive guidelines on data breach notifications that are working well, and companies have been responsive to these. She also questioned the lack of clarity around what ‘serious harm’ meant, especially given the threat of up to $1.7 million fines for non-compliance.

“There is a danger that businesses will err on the side of caution and over-report data breaches,” she continued.

In a recent speech, Attorney General Mark Dreyfus cited a report from McAfee claiming 21 per cent of Australian businesses had suffered data breaches. Sangster noted more than 2.1m businesses were trading in Australia last year, meaning the number of potential data privacy breach investigations could reach 450,000 – an unworkable figure for businesses, consumers and the regulator.

“There is no evidence of systemic failure to justify this kind of proactive reporting regime,” Sangster claimed. “If the Government is going to make any changes to the current regime it needs to go through proper consideration and consultation. Businesses have enough on their plate trying to prepare for new privacy laws coming into effect in a matter of months. Let’s get that right and then we can look at what more needs to be done. What’s the big rush?

“This will have negative economic consequences for the country at a time when the Government should be looking to support business and boost the wider economy,” she added.


Comments

Privacy Paul

1

I think that the data breach notification and privacy laws are very important and have been in place in other jurisdictions globally since 2002. The impact to business although seemingly daunting is not. If you use personally identifiable data as part of how you transact in your business you have an obligation to protect it in use and at rest. Identity theft is on the rise and with 1 in 4 affected by a data breach event. If ADMA wishes to use personal data to generate revenue, then they must protect it or face the penalties from statutory and civil bodies for not doing so.

RA

2

This person has no idea. What regulations are impeding business now?
