Scott Ludlam (WA, Australian Greens) Share this | Hansard source

Thank you. I will not detain the chamber for long. The Senate had begun to debate mandatory data breach notification under the previous government. I do not recall who had carriage of it, but the Labor government had introduced such a bill before the 2013 election and I understood that it actually had the support of all sides of the chamber.

When the government introduced its dramatically unpopular mandatory data retention laws last year it was a recommendation firstly of the Joint Committee on Intelligence and Security, and then it was a commitment of the Attorney-General, George Brandis, to introduce data breach notification laws. Senator Singh had a private senator's bill in this place that I think is midway through debate. All it means is that if an agency or an entity loses control of your private information you have a right to be told. What could be simpler than that?

Where is the bill? After stuffing around for more than two years we got an exposure draft late last year. Why is this not already law? Why does the government not simply get on with it?

I move:

That the Senate—

(a) notes that:

(i) the Senate had begun debate on mandatory data breach notification legislation prior to the 2013 election;

(ii) the Attorney-General (Senator Brandis) committed to introduce data breach notification laws before the end of 2015 during the debate over the national data retention scheme;

(iii) the Attorney-General again committed to introduce such laws to the parliament before the end of 2015 in an answer to a question without notice on 13 October 2015;

(iv) contrary to these commitments, the bill has not been introduced; and

(b) calls on the government to make a statement to the Senate on 3 February 2016 explaining why such legislation has not been introduced, and clarifying the government's intentions.