On 2 May 2013, the Australian Government released, to a limited number of key stakeholders, a confidential Exposure Draft Bill for an Australian mandatory data breach notification scheme. This is the strongest indication yet that mandatory privacy breach notifications will come into force.

In the same week, Commonwealth Attorney-General Mark Dreyfus commented at the launch of Privacy Awareness Week 2013 that there is a "strong case" to move to a mandatory data breach notification scheme.

Background -

For some time, privacy lawyers have advised clients to expect some form of mandatory notification requirements. When it did not make it into the Privacy Amendment (Enhancing Privacy Protection) Act 2012 most thought it would not be addressed until after organisations digested and implemented the changes for the Australian Privacy Principles, before 12 March 2014. The implementation of a mandatory data breach notification scheme is however more imminent than ever, with the considerable rise in personal information stored in the cloud and the rise in reported instances of improper access to personal information.