Fiona Nash (NSW, National Party, Deputy Leader of the Nationals) Share this | Hansard source

In relation to the higher penalty for breaches of the privacy provisions, firstly it is considered unnecessary. Under the Privacy Act, there is capacity to penalise up to $1.8 million. That is my understanding. I think it has to be taken into account as well that while obviously Labor is targeting this at Telstra Health we may well see family GP practices—and I am sure you would understand this, senator—also subject to the proposed increase in penalty should they make a breach. I think we have got to take into account also that Telstra are going to be very well aware of the reputational aspect of anything that might cause them to be considered as having done the wrong thing. I think we will find they are extremely focused on that, and we think that is appropriate.

In terms of data breaching—and I assume you are talking about the mandatory notification for data breaching moved by the Labor Party—certainly the bill, as amended by the government yesterday, already imposes a legal obligation on a contracted service provider. The contracted service provider and the secretary are to notify the Information Commissioner when they become aware of a data breach, or a possible data breach, in the handling of personal information on the register. The government amendment also includes a requirement for certain actions to be taken in response to the data breach, including containing and evaluating the risks associated with the breach and prevention of future breaches. Other steps include the Department of Health working with the Information Commissioner about notifying affected individuals. Any data breaches will be handled using established protocols for personal information breaches. As you referred to before, the amendments are in line with the provisions in the My Health Records Act 2012. It ensures a very systematic and measured response. At the same time I think we need to note that any mandatory requirement may well not give us the outcome we are looking for.