Insurers say no to mandatory breach reports
Australian insurers do not support a mandatory privacy breach notification regime, according to the Insurance Council of Australia (ICA).
It says the industry continues to perform well in protecting customers’ private information, with just 35 complaints against the life and general sectors listed in the Office of the Australian Information Commissioner’s 2010/11 report.
There were 31 million retail policies in force that year, the council says in its response to a government discussion paper on breach notification.
ICA’s preference is for the Government to continue building awareness of current guidance on notifications, rather than introduce “unnecessary” mandatory provisions.
If laws are introduced “the damage to an organisation’s reputation [after] not notifying a serious breach is likely sufficient incentive for compliance” in lieu of further penalties.
The Government is consulting on mandatory notification following the introduction of similar laws in the US and several high-profile data breaches in recent years.