As the Privacy Amendment (Notifiable Data Breaches) Bill 2016 has been introduced into the House of Representatives for consideration this year it is worth looking at possible market and regulatory responses if notification is not given of a relevant data breach.
Apart from the Privacy Commissioner’s power to investigate, seek an enforceable undertaking and pursue a civil penalty, affected investors may issue proceedings as well as affected customers.
For example, the Wall Street Journal is reporting that the USA Securities and Exchange Commission is investigating whether Yahoo Inc.’s two data breaches in 2013 and 2014 should have been reported sooner to investors.
The investigation is likely to center on a 2014 data breach at Yahoo that compromised the data of at least 500 million users. Yahoo disclosed that breach in September 2016, despite having linked the incident to state-sponsored hackers two years earlier.
In December 2016 Yahoo also said it had recently discovered an August 2013 data breach that had exposed the private information of more than 1 billion Yahoo users.
CIO.com has published Experian’s 5 data breach predictions for 2017
They are:
•Aftershock password breaches;
•Nation-state cyber-attacks;
•Healthcare organizations will be the most targeted sector;
•Criminals will focus on payment-based attacks;
•International data breaches of multinational companies.
What have been the world’s biggest data breaches?
Look at this interactive infographic
Video about the Privacy Amendment (Notifiable Data Breaches) Bill 2016