Natasha Bita reports:
Companies that lose or leak customers’ personal data will be forced to apologise or pay compensation for psychological harm under new laws blasted by business groups.
The federal government plans to introduce new privacy legislation this year, requiring banks, phone and internet providers, retailers and government departments to tell customers when data has been hacked or stolen.
Customers must be notified of breaches that cause “serious harm” — which the draft bill defines as physical, psychological, emotional, economic and financial harm, as well as “harm to reputation”.
Patients will have to be told whenever health records are leaked, lost or stolen.
Companies risk $1.8 million fines if they fail to tell customers about data leaks under the proposed new law. But they can avoid prosecution if they pay compensation to customers, issue public or personal apologies, or agree to court-enforceable undertakings.
Wait. They can get out of any mitigation if they simply notify and apologize? Seriously?
Read more on The Daily Telegraph.
Related: There were a lot of responses to the proposal when it was opened up for consultation earlier this year.