THE HON MARK DREYFUS QC MP
SHADOW ATTORNEY-GENERAL
SHADOW MINISTER FOR NATIONAL SECURITY
MEMBER FOR ISAACS
UBER BREACH: AUSTRALIANS STILL WITHOUT DATA BREACH NOTIFICATION
The cost of the government’s laziness in passing legislation for mandatory data breach notification has been made clear today with news of the large-scale hacking of Uber user data.
In 2013, the Labor government passed through the House of Representatives a law that would make it mandatory for companies to notify customers if their personal data had been compromised. That bill unfortunately lapsed at the 2013 election.
Inexplicably, it took the Abbott-Turnbull government until February this year - four years since Labor first introduced a bill - to implement that legislation itself. That is despite a promise to do so by the end of 2015.
Thanks to the government’s slowness on this important piece of legislation, it does not come into force until 22 February 2018.
That means the potentially thousands of Australian Uber customers whose data was compromised last year have been left without the protection this legislation provides.
This is just the latest in a string of large breaches to affect Australians – many of them involving key government departments, such as the Medicare data breach earlier this year.
Australians can only take action to protect their personal information – by changing passwords for example – if they are told their data has been impacted. Otherwise they are powerless and left vulnerable to potential fraud.
In an increasingly digitised world the need for mandatory data breach legislation with real teeth is critical.
Labor will closely monitor the operation of the new legislative regime when it comes into force early next year. If it becomes apparent there are gaps or insufficient protections, Labor will move to strengthen the regime.
WEDNESDAY, 22 NOVEMBER 2017
