New data breach laws proposed by the Australian government will be bad for the business community and banks themselves, which will be saddled with extra compliance costs, claims the Australian Bankers Association (ABA).
According to the ABA, the Australian Privacy Amendment (Privacy Alerts) Bill extends beyond crackdowns on data breaches overseas and could clash with Australia’s existing information protection laws, which it says are already “robust”. The telecommunications carrier industry group in the country is also critical of the bill, which it says would place excessive burdens on the industry.
The bill requires that organisations report breaches in cases that could result in “a real risk of serious harm”, but the banks say the meaning of this is unclear.
“The real cost to banks involved with this legislation is the actual notification to affected customers,” ABA policy director Ian Gilbert declared to the Australian Senate committee examining the issue.
“The breach may have arisen beyond the bank's control. For organisations with large customer bases, the notification requirement may result in a disproportionate cost compared with the possible harm caused by the breach.”
Australian business groups are also questioning the timing of the planned new laws later this year. The Australian government aims to get a raft of laws that affect businesses through this month’s final sitting of Parliament before the 14 September election, but it currently has a backlog of more than 50 other bills.
On the proposed data breach notification law, the Australian banks claim they will often have to seek legal advice on whether to report a breach, and the government's proposal could also put pressure on the industry’s regulator.