The Australian Privacy Commissioner has issued a draft Voluntary Information Security Breach Notification
Guide for consultation.

The Guide aims to assist
agencies and organisations to minimise the possibility of an information security breach breach
occurring and how to prepare for and respond effectively to any
breaches if and when they do occur.

An information security breach occurs when personal information is
exposed to unauthorised access, use, disclosure or modification as a
result of a breach of an agency’s or organisation’s information
security.

At present there are no specific requirements under the Privacy Act
for agencies and organisations to notify individuals of an information
security breach. However, a proposal to make notification of
information security breaches mandatory is being considered by the
Australian Law Reform Commission in its Review of Privacy.

Submissions on the draft Guide can be made until 16 June 2008.