Australia’s Privacy Amendment (Notifiable Data Breaches) Act 2017 marks a milestone for information security legislation, but industry is still questioning the need for legal intervention.
Australia is not the first country to introduce strict breach notification laws, nor is it likely to be the last. To date, approximately 90 countries have introduced legislation or have existing laws for breach notification with varying degrees of strictness, enforcement and penalties. And yet data breaches still go undetected and unreported. The United States has approximately 47 states with separate breach notification laws and has yet to introduce a consolidated and unified law at the national level.
It’s not strictness, breadth or depth that makes digital privacy and breach notification laws effective. In fact, the effectiveness of breach notification and data privacy laws is measured only by whether the legislation helped prevent breaches from happening in the first place. Measuring effectiveness of legislation is a “fuzzy science” at best… [read my complete article featured in ComputerWorld].