Tasmanians need to be told about hacker attacks, according to a review looking at the state's decades-old privacy laws.
Create a free account to read this article
$0/
(min cost $0)
or signup to continue reading
The Tasmanian Law Reform Institute (TLRI) has released its final report into the state's privacy laws, making a number of recommendations to improve the region's privacy.
Current state privacy laws do not offer adequate protections, for example, they do not apply to charities, non-government organisations or private businesses.
The review progressed after 16,000 documents held bhttps://www.thesenior.com.au/story/8671463/treasure-trove-of-lost-items-ride-last-train-to-charity/y the state's education department were stolen by hackers.
Read more on The Senior
Among its final report recommendations the TLRI agreed that a data breach notification scheme must be introduced in Tasmania.
These schemes force organisations to report and investigate data breaches of personal information, tax file numbers and credit details, and are aimed at increasing privacy protections.
"Data breach notification schemes are an important tool for improving transparency and protection from privacy-related harm for individuals," the TLRI said in its final report.
It said a state scheme would bring Tasmania into line with national privacy laws, as well as other states also enacting such schemes.
Health, finance and legal data hacked hundreds of times
A national mandatory breach notification scheme introduced in 2018 uncovered 964 data breaches in its first year of operation, which might otherwise have remained hidden under voluntary reporting.
Last year health, finance, employment, legal and management organisations reported 409 data breaches that were mostly malicious or criminal attacks.
Tasmania privacy experts supported the introduction of a state scheme.
Civil Liberties Australia state director Richard Griggs, in his submission to the review, said the public would expect to be informed about data hacks of personal information.
He said criminal attacks on personal data, as well as unathorised access, modification, misuse, loss or disclosure of information, should result in a notification that can be used by affected individuals to take protective and preventative action.
University of Tasmania cybersecurity expert Joel Scanlan said data breaches should attract fines.
In his submission to the review Dr Scanlan said a liability might prevent organisations from collecting private information that they do not need.
Such as the announcement by the Tasmanian Department of Education, Children and Young People of a possible theft of data in March 2023.
- This article first appeared in The Examiner.
