The theft of data of over 77 million users of Sony’s PlayStation network (including credit card information of 280,000 of its 715,000 Australian users) (see Sony’s announcements and story from The Australian) and a subsequent announcement relating to a breach relating to Sony Online Entertainment (24.6 million users including 336 Australian credit card holders) has generated a lot of discussion about Sony’s security systems and response.

There is currently no mandatory data breach notification obligation in Australia.

The Australian Privacy Commissioner has opened an own motion investigation.

The Minister for Privacy has also announced that he is considering whether there should be mandatory data breach notification if a breach occurs.

The Privacy Commissioner has a voluntary data breach notification guide. What would you do?