
Contradictions and inconsistencies in Australia's mandatory data breach notification laws

Gibson, Dennis
Harfield, Clive
Abstract
This article critically examines the objectives and practical operation of Australia's mandatory data breach notification [MDBN] law. We find that the scope and application of Australia's law do not reflect the legislative objectives underpinning the law. The wording of the law is ambiguous, and it is beset by conceptual inconsistencies. The law also fails to adequately consider the needs of individuals whose personal information has been compromised in a data breach. As a result, Australia's MDBN law is unlikely to meet the needs of organisations that have experienced a data breach, or of individuals who are notified. We conclude by identifying options for reform to better reflect the law's rationale and to better achieve its objectives. Comparisons are made with similar laws in force in the United States and with the General Data Protection Regulation.
Keywords
data breach notification, personal information, identity theft, notification threshold
Date
2021
Type
Journal article
Journal
Computer Law and Security Review
Volume
42
Page Range
1-11
Article Number
Article 105600
ACU Department
Thomas More Law School
Faculty of Law and Business
License
All rights reserved
File Access
Controlled