Legislation was recently introduced in the Australian parliament that would require companies to publicly disclose data security breaches. The legislation is intended to protect the public by ensuring they are promptly notified if their personal data is compromised. Under the proposed legislation, an administrative agency in Australia would be empowered to levy fines of up to $1.7 million on companies that fail to comply with the disclosure requirements. Clearly, cyber-liability is an international problem.
While the proposed legislation has the purpose of protecting the public from cyber breaches, it may have the unintended consequence of furthering the proliferation of cyber liability class action lawsuits. Here, a US class action lawsuit immediately follows most cyber breaches. Take, for example, the suit that followed the LinkedIn hack in June 2012. If the proposed legislation is passed in Australia, it is fair to assume that the plaintiff’s bar will carefully monitor cyber breaches as announced in accordance with the legislation’s requirements.
Lawsuits arising out of cyber security breaches are being filed with increased frequency here and around the world. With increased incidents come more cyber related lawsuits. All professionals must ensure that they are adequately covered against potential cyber claims, and should implement security measures to prevent hacking. The Australian government has obviously taken notice of the threat of cyber liability and you should too.