Notification of data breaches under the continuous disclosure regime

Low, Rouhshi, Burdon, Mark, & von Nessen, Paul (2010) Notification of data breaches under the continuous disclosure regime. Australian Journal of Corporate Law, 25(1), pp. 70-100.

View at publisher


Consumer personal information is now a valuable commodity for most corporations. Concomitant with increased value is the expansion of new legal obligations to protect personal information. Mandatory data breach notification laws are an important new development in this regard. Such laws require a corporation that has suffered a data breach, which involves personal information, such as a computer hacking incident, to notify those persons who may have been affected by the breach. Regulators may also need to be notified. Australia currently does not have a mandatory data breach notification law but this may be about to change. The Australian Law Reform Commission has suggested that a data breach notification scheme be implemented through the Privacy Act 1988 (Cth). However, the notification of data breaches may already be required under the continuous disclosure regime stipulated by the Corporations Act 2001 (Cth) and the Australian Stock Exchange (ASX) Listing Rules. Accordingly, this article examines whether the notification of data breaches is a statutory requirement of the existing continuous disclosure regime and whether the ASX should therefore be notified of such incidents.

Impact and interest:

Search Google Scholar™

Citation counts are sourced monthly from Scopus and Web of Science® citation databases.

These databases contain citations from different subsets of available publications and different time periods and thus the citation count from each is usually different. Some works are not in either database and no count is displayed. Scopus includes citations from articles published in 1996 onwards, and Web of Science® generally from 1980 onwards.

Citations counts from the Google Scholar™ indexing service can be viewed at the linked Google Scholar™ search.

Full-text downloads:

766 since deposited on 12 Nov 2010
100 in the past twelve months

Full-text downloads displays the total number of times this work’s files (e.g., a PDF) have been downloaded from QUT ePrints as well as the number of downloads in the previous 365 days. The count includes downloads for all files if a work has more than one.

ID Code: 38444
Item Type: Journal Article
Refereed: Yes
Additional URLs:
Keywords: Data breach notification, Continuous disclosure, Corporations Act 2001 (Cth.) - Australia
ISSN: 1037-4124
Subjects: Australian and New Zealand Standard Research Classification > LAW AND LEGAL STUDIES (180000) > LAW (180100) > Law not elsewhere classified (180199)
Divisions: Current > QUT Faculties and Divisions > QUT Business School
Copyright Owner: Copyright 2010 Lexis Nexis and Authors
Deposited On: 12 Nov 2010 00:08
Last Modified: 30 Jun 2017 14:42

Export: EndNote | Dublin Core | BibTeX

Repository Staff Only: item control page