A decision on mandatory data breach notifications will not be made until the second stage of the Federal Government’s response to the ALRC Report (to be considered once the first-stage reforms have been progressed). In the meantime, the Privacy Commissioner’s voluntary guide should be considered when developing your policy on responding to data breaches.
To remind us that serious data breaches are still occurring, Computerworld has published the 2009 data breach hall of shame. Most of these resulted from basic security breaches.