Mandatory reporting of privacy breaches is critical to ensure Privacy
California was the first place to mandate a company make public the fact they had been breached in 2001, followed by the EU in 2009, and now Australia.
The Australian senate has given the go-ahead on a bill that requires companies to report security breaches, while the New Zealand equivalent remains in beta. The Australian law will come into effect some time in the next 12 months, requiring breaches that cause "serious physical, psychological, emotional, economic and financial harm, as well as serious harm to reputation and other forms of serious harm" to be reported to Australia's Privacy Commissioner within 30 days of the breach. New Zealand's attempt to make security breaches public was floated as an aspect of a overhaul the Privacy Act overhaul. Reporting breaches of personal data was first proposed in 2014 with punitive fines up to $10,000. It has yet to make it through Parliament.