news Attorney-General George Brandis has confirmed the Federal Government still plans to introduce mandatory data breach laws before the end of 2015, in a move that is aimed at making the Government’s controversial Data Retention scheme more transparent.
The introduction of mandatory data breach laws — which would require companies to disclose to the public when they suffered a breach of security that resulted in individuals’ details being disclosed — was one of the recommendations made by the Parliamentary Joint Committee on Intelligence and Security.
A number of Labor figures viewed the introduction of the laws as being one of the issues which led the party to support the Government’s Data Retention legislation. In addition, legislation which would introduce such laws has already been put before the Parliament, in the form of a private senator’s bill authored by Labor Senator Lisa Singh.
In Question Time earlier this week, Greens Senator Scott Ludlam asked Senator Brandis: “In March of this year, during negotiations and extended debate over the mandatory data retention legislation, the government committed to have mandatory data breach laws in place before the end of this year, whereby anybody who loses control of your private information would at least be obliged to notify you that that had happened. With only 14 and a half sitting days left on the parliamentary calendar, where is this bill?”
Senator Brandis replied: “It is still the government’s intention to legislate for a mandatory data breach scheme before the end of this year.” Later in the Senate, Brandis qualified his answer by noting that the Government would introduce the bill before the end of 2015 — meaning it may not pass until 2016.
The news comes as the Data Retention debate has been swirling in the Parliament this week.
The Government’s Data Retention legislation passed Parliament in March this year. It requires that all Australian telecommunications carriers store significantly more data on their customers than they were previously holding, including records pertaining to all emails, telephone calls and SMS messages. The scheme was slated to come into effect on Tuesday this week.
However, earlier this week the peak industry representation group, the Communications Alliance, released data showing that the Attorney-General’s Department has proven unable to administer the scheme successfully.
The survey — which polled many dozens of Australian telecommunications companies — showed that the majority had lodged so-called implementation plans with the Attorney-General’s Department detailing their plans to implement the scheme.
However, the data also showed that the Government had not proven able to approve the vast majority of implementation plans, with most telcos never having heard back from the Attorney-General’s Department, despite complying with the law and filing their implementation plan. Attorney-General George Brandis oversees the department.
It has been reported that not even Australia’s largest telcos — Telstra, Optus and Vodafone — are currently able to comply with the Data Retention legislation.