George Brandis (Queensland, Liberal Party, Attorney-General) Share this | Hansard source

Senator Ludlam, it is a fair point that you make, to which I respond in this way. It is, I hope you would agree, important that legislation that imposes what is potentially 'quite an onerous obligation' on those who hold data applies only to non-trivial breaches, breaches that are causative of harm and are significant. It is very difficult—indeed, I dare say impossible—to legislatively define the threshold at which one considers a breach to be non-harmful or non-trivial and therefore in these circumstances it is necessary to use reasonably generic language.

If it be accepted that the obligations imposed by the legislation should apply only to harmful or to non-trivial breaches then a body of precedent and practice will develop as the legislation operates and the development of those more particular guidelines will be assisted by the publication of compliance guidance by the Office of the Australian Information Commissioner so that a clearer picture can emerge as to where one draws the line. I readily acknowledge that different minds will differ as to where the line should be drawn between trivial and non-trivial breaches and harmful and non-harmful breaches, but, as I said, if one accepts that the legislation should apply only to non-trivial breaches and should apply only to harmful breaches then in the absence of any more precise capacity to formulate that in the statute it will be formulated by practice and the development of precedent guided by the guidelines of the Office of the Australian Information Commissioner.