As the impact of the credit card security fraud on Australian cardholders becomes clearer (see The Age today), questions are being asked why Australians do not deserve the same kind of protection against data theft as Americans.
A number of US States have adopted security breach notification laws which force companies to tell customers of the theft of their personal data. This June 2005 Alert from Proskauer Rose gives a good overview of the US position.
The Australian Bankers Association Media Release says:
The argument that banks should instantaneously report to the customer all security breaches is a
matter the industry will continue to consider, but any automatic reporting requirement must be evaluated against the need for customer convenience, materiality and system integrity.
UPDATE 28 June: The Australian Bankers’ Association (ABA) is establishing an Information Security Taskforce to examine whether the current arrangements with respect to advice on breaches of security
of customer information can be improved.
The review will commence by 1 July and the ABA will be making a further statement about outcomes towards the end of 2005.