The mandatory privacy breach notification

Voluntary notification system for data breaches – encouraging agencies to report when things go wrong, so the PC can advise on what to do, learn what the vulnerabilities are, and communicate more widely on risk management

Mandatory privacy breach reporting is required because of significant failures – e.g. Yahoo losing data records and not telling anyone for 4–5 years. Without mandatory breach reporting, there is no clear idea of the scale of unreported breaches

Such material can circulate on the dark web and be exploited without anyone knowing about it. The obligation is therefore intended to restore to individuals control over their own personal information

If credentials are hacked and exfiltrated from a service to which you have entrusted them, the service provider has failed in its duty to protect your personal information, and you are then in a position to protect yourself by changing passwords, checking your credit records, and doing whatever else is needed to ensure the damage is minimised

Mandatory privacy breach reporting gives direct benefits to individuals → individuals can take back control of their own personal information and of the risk management around it

Mandatory privacy breach reporting is also required to the Office of the Privacy Commissioner → they can then see what is happening and what the trends are, and by communicating back out to industry and the wider economy, standards can be improved in order to raise the level of protection right across the board