Louder bark with no bite: Privacy protection through the regulation of mandatory data breach notification in Australia

Mamoun Alazab, Seung Hun Hong, Jenny Ng

    Research output: Contribution to journalArticlepeer-review

    134 Downloads (Pure)

    Abstract

    The disruptive shift of technologies in the Internet age poses the challenge of securing our digital asset and cyberspace from large-scale, sophisticatedly targeted offenses and cybercrimes. As a response, many governments have introduced mandatory notification schemes in which an entity bears an obligation to notify the regulator and affected individuals if personal data it holds is compromised. Focusing on Australia's Notifiable Data Breach (NDB) scheme introduced in 2018, this paper points out that the NDB scheme gives entities that should be responsible for data protection much leeway while holding individuals, only victims of a data breach, responsible for dealing with the consequences. This is problematic as redressing the grievances caused by a data breach is difficult in the Australian context. It is difficult for a victim of a breach of privacy to bring an action in court mainly because there is no established tort of privacy in Australia. Further, bringing a class action for data breaches is a difficult process. We suggest that the real effect of the NDB scheme requires an understanding in a broader context of Australian Privacy Principles (APPs). Regulated in a broader APPs context, the NDB scheme could become a part of a privacy protection regime that requires public agencies and businesses to have better accountability and responsibility mechanisms.

    Original languageEnglish
    Pages (from-to)22-29
    Number of pages8
    JournalFuture Generation Computer Systems
    Volume116
    DOIs
    Publication statusPublished - Mar 2021

    Fingerprint

    Dive into the research topics of 'Louder bark with no bite: Privacy protection through the regulation of mandatory data breach notification in Australia'. Together they form a unique fingerprint.

    Cite this