TY - JOUR
T1 - Louder bark with no bite
T2 - Privacy protection through the regulation of mandatory data breach notification in Australia
AU - Alazab, Mamoun
AU - Hong, Seung Hun
AU - Ng, Jenny
PY - 2021/3
Y1 - 2021/3
N2 - The disruptive shift of technologies in the Internet age poses the challenge of securing our digital asset and cyberspace from large-scale, sophisticatedly targeted offenses and cybercrimes. As a response, many governments have introduced mandatory notification schemes in which an entity bears an obligation to notify the regulator and affected individuals if personal data it holds is compromised. Focusing on Australia's Notifiable Data Breach (NDB) scheme introduced in 2018, this paper points out that the NDB scheme gives entities that should be responsible for data protection much leeway while holding individuals, only victims of a data breach, responsible for dealing with the consequences. This is problematic as redressing the grievances caused by a data breach is difficult in the Australian context. It is difficult for a victim of a breach of privacy to bring an action in court mainly because there is no established tort of privacy in Australia. Further, bringing a class action for data breaches is a difficult process. We suggest that the real effect of the NDB scheme requires an understanding in a broader context of Australian Privacy Principles (APPs). Regulated in a broader APPs context, the NDB scheme could become a part of a privacy protection regime that requires public agencies and businesses to have better accountability and responsibility mechanisms.
KW - Cybercrime
KW - Mandatory notification
KW - Notifiable data breach
KW - Privacy protection
KW - Regulation
KW - Tort of privacy
UR - http://www.scopus.com/inward/record.url?scp=85094316866&partnerID=8YFLogxK
U2 - 10.1016/j.future.2020.10.017
DO - 10.1016/j.future.2020.10.017
M3 - Article
AN - SCOPUS:85094316866
SN - 0167-739X
VL - 116
SP - 22
EP - 29
JO - Future Generation Computer Systems
JF - Future Generation Computer Systems
ER -