Liberal senators decry data breach notification bill

Liberal Party senators have refused to support the latest incarnation of Labor’s data breach notification bill, complaining that the bill’s language is ambiguous and that stakeholders weren’t given adequate opportunity to comment during the bill’s construction.

Labor senator Lisa Singh introduced the bill - the Privacy Amendment (Privacy Alerts) Bill 2014 - into the senate in March this year. The bill is reportedly identical to the Privacy Amendment (Privacy Alerts) Bill 2013, which passed the House of Reps in June last year, but was not heard in the senate before it closed prior to the 2013 federal election.

Introducing the bill in March this year, Singh said: “The bill provides that when an agency or organisation has suffered a serious data breach, it must notify the affected individuals and the OAIC [Office of the Australian Information Commissioner].”

The bill would allow for a court to impose a civil penalty in the case of serious or repeated non-compliance with notification requirements.

Debate on the bill resumed in the Senate last week, with Liberal Party senators saying the government is broadly sympathetic to data security practices, but not as set out in Labor’s bill.

Genuine concerns

Liberal Party Senator and Deputy Government whip Christopher Back opened the debate last Thursday, saying: “Measures that enhance the protection and security of the personal information of Australians are critical.

“We have previously expressed concerns about the details of this bill and especially about the Labor Party … failing to consult broadly with affected members in the community and with industry, those who will be responsible for the implementation,” Back said.

Back also spoke of concerns regarding “the lack of definition of terms such as ‘serious breach’ or ‘serious harm’ in the legislation”.

“These are genuine concerns,” added Liberal senator and Parliamentary Secretary to the Minister for the Environment Simon Birmingham. “It is reasonable for people to wonder how they can definitely comply with this legislation and what their obligations and responsibilities are.”

Birmingham also spoke of the regulatory impact that data breach notification laws could have on industry.

“These issues around privacy are critically important, but we do need to equally acknowledge that [what] we have here is a relationship between privacy and the rights of individuals and how that is appropriately dealt with on the one hand and of course then regulation, regulation in particular of parts of the digital economy, and how that is appropriately dealt with on the other hand,” Birmingham said.

Back criticised the time period Labor provided for stakeholders to provide input on the original bill, noting that several groups - including Liberty Victoria and the Cyberspace Law and Policy Centre at the University of New South Wales’ Faculty of Law - had complained about being given only a short window to comment.

When Liberal senator David Fawcett admonished the Labor party for not giving stakeholders and civil society adequate opportunity to comment on the bill, Singh interjected, saying: “They’ve been consulted for years and years!”

Greens senator Scott Ludlam, however, spoke out in support of the bill, saying: “This is very strongly in line with Greens policy.

“I did find it somewhat puzzling that [Liberal senator Back] admonished senator Singh for somehow not giving people enough advance warning that this matter was being brought forward when it has been on the Notice Paper for years,” Ludlam said.

“Citizens have a right to privacy and corporations and powerful institutions and governments have an obligation to transparency. That is something, I suppose, of the Cypherpunk Manifesto. We see this government, particularly under this Attorney-General, as moving in the opposite direction - as annihilating privacy for ordinary people while withdrawing government operations behind a curtain of national security,” Ludlam said.

Image: Australian House of Representatives, by JJ Harrison under CC.