Mandatory data breach notification scheme back on the agenda

In responding to the Parliamentary Joint Committee on Intelligence and Security’s Report On The Telecommunications (Interception And Access) Amendment (Data Retention) Bill 2014, the Government has agreed to introduce a mandatory data breach notification scheme by the end of 2015, and will consult on draft legislation.

It does not appear that the scheme will be limited to telecommunications providers.

Although the matter was not part of its Terms of Reference, the Committee said:

“A mandatory data breach notification scheme is considered one effective mitigation strategy for those affected by a data breach. While the Committee notes that this issue is the subject of broader consideration within Government, the Committee considers that there must be a scheme in place prior to implementation of the Bill. The Committee considers that a mandatory data breach notification scheme would provide a strong incentive for service providers to implement robust security measures to protect data retained under the data retention regime.”

The Telecommunications (Interception And Access) Amendment (Data Retention) Bill 2014 will, amongst other things, ‘require companies providing telecommunications services in Australia, carriers and internet service providers to keep a limited, prescribed set of telecommunications data for two years’.

The Privacy Amendment (Privacy Alerts) Bill 2014 has been introduced as a Private Bill into the Senate by Labor Senator Singh. It is based on a previous Labor Government Bill which lapsed after the 2013 election.

It is not clear whether a new Bill would adopt the same provisions.

Background on data breach notification
