Cybercrime and Data Breach: Privacy Protection through the Regulation of Voluntary Notification
Prepared for the Korea Legislation Research Institute (KLRI), 2017 Legal Scholar Roundtable, How Law Operates in the Wired Society, Seoul, Korea, 2017
9 Pages Posted: 11 Dec 2017 Last revised: 2 Dec 2017
Date Written: 2017
Abstract
Increasing criminal use of the Internet poses a serious threat to individuals, businesses, industry and governments. Criminals understand the opportunity offered by an online society, and methods for identity theft, financial crime and other crime have adapted to the Internet. This paper focuses on one of many different types of cybercrimes: data breach. Data breach may involve serious cybercrime as breach of personal identifying information not only imposes huge costs to individuals and organizations but also deprives of “their right to confidentiality, privacy and integrity of their personal information,” which is hardly quantifiable.
This paper aims to better understand the recent legal reform in Australia enacting the Mandatory Data Breach Notification Act. Australia joined the trend in February 2017 by legislating amendment to Privacy Act, which is Privacy Amendment (Notifiable Data Breaches) Bill 2017. This is a significant improvement in privacy protection and data security, as literally speaking all of our personal information is kept online by many different private and public organizations, from government agencies and financial institutions to almost all online services, whose level of data protection system may vary. In order to understand the new reform, this paper undertakes the following tasks. Section 2 presents a summary of the Australian voluntary notification law. Section 3 provides an analysis of the Australian voluntary notification law, focusing on whether voluntary notification can be a way of enhancing the protection of personal data, and eventually of individual privacy. Regulatory enforcement measures are of particular concern to see if they make up for the ex post characteristics of voluntary notification.
Keywords: Cybercrime, Data Breach, Regulation, Risk, Cybersecurity, Cybersecurity, Data Privacy
Suggested Citation: Suggested Citation