Contradictions and inconsistencies in Australia's mandatory data breach notification laws

Journal article


Gibson, Dennis and Harfield, Clive. (2021). Contradictions and inconsistencies in Australia's mandatory data breach notification laws. Computer Law and Security Review. 42, p. Article 105600. https://doi.org/10.1016/j.clsr.2021.105600
Authors: Gibson, Dennis and Harfield, Clive
Abstract

This article critically examines the objectives and practical operation of Australia's mandatory data breach notification [MDBN] law. We find that the scope and application of Australia's law do not reflect the legislative objectives underpinning the law. The wording of the law is ambiguous, and it is beset by conceptual inconsistencies. The law also fails to adequately consider the needs of individuals whose personal information has been compromised in a data breach. As a result, Australia's MDBN law is unlikely to meet the needs of organisations that have experienced a data breach, or of individuals who are notified. We conclude by identifying options for reform to better reflect the law's rationale and to better achieve its objectives. Comparisons are made with similar laws in force in the United States and with the General Data Protection Regulation.

Keywords: data breach notification; personal information; identity theft; notification threshold
Year: 2021
Journal: Computer Law and Security Review
Journal citation: 42, p. Article 105600
Publisher: Elsevier Ltd
ISSN: 0267-3649
Digital Object Identifier (DOI): https://doi.org/10.1016/j.clsr.2021.105600
Scopus EID: 2-s2.0-85113846645
Research or scholarly: Research
Page range: 1-11
Publisher's version
License: All rights reserved
File Access Level: Controlled
Output status: Published
Publication dates
Online: 29 Aug 2021
Publication process dates
Deposited: 02 Aug 2022
Permalink: https://acuresearchbank.acu.edu.au/item/8y0vz/contradictions-and-inconsistencies-in-australia-s-mandatory-data-breach-notification-laws


Related outputs

Was Snowden virtuous?
Harfield, Clive. (2021). Was Snowden virtuous? Ethics and Information Technology. 23(3), pp. 373-383. https://doi.org/10.1007/s10676-021-09580-4
(Im)material culture : Towards an archaeology of cybercrime
Harfield, Clive Geoffrey and Schofield, John. (2020). (Im)material culture : Towards an archaeology of cybercrime. World Archaeology. 52(4), pp. 607-618. https://doi.org/10.1080/00438243.2021.1882333