After the Optus data breach, calls for changes to privacy laws
A minimum disclosure framework should inform the public about the type of data breach and the strategies the organisation affected has adopted to mitigate the damages.

The Optus data breach, which has affected close to 10 million Australians, has sparked calls for changes to Australia's privacy laws, placing limits on what and for how long organisations can hold our personal data.

Equally important is to strengthen obligations for organisations to publicly disclose data breaches. Optus made a public announcement about its breach, but was not legally required to do so. In fact, beyond the aggregated data produced by the Office of the Australian Information Commissioner, the public is not made aware of the vast majority of data breaches that occur in Australia every year.

Australia has had a "Notifiable Data Breaches" scheme since February 2018 that requires all organisations to notify affected individuals as well as the Office of the Australian Information Commissioner in the case of a breach of personal information likely to result in serious harm. However, no notification is required if the organisation takes remedial action to prevent harm.