News

ADMA warns against mandatory reporting after Catch of the Day delayed revealing breach for three years

jodie-sangsterThe Association of Data Driven Marketing and Advertising (ADMA) has warned that forcing companies to report data breaches could see consumers unnecessarily “flooded” with reports that their personal details may have been compromised.

Chief executive Jodie Sangster said making it mandatory to notify the Privacy Commissioner could be counter-productive as genuinely serious breaches may be lost amid a mass of unnecessary warnings.

Her comments came after news emerged that daily deals website Catch of the Day told consumers of a potential security breach three years after the incident.

The company claimed it had worked through the issue back in 2011 and only told the public of the breach now because advances in technology meant it may now be possible for passwords to be compromised.

Under current laws companies do not have to report breaches to the Privacy Commissioner. Although the debate over changing the regulations to make it compulsory is currently off the agenda, Sangster predicted the discussion will resurface.

She told Mumbrella that breaches where there was “no risk” to consumers did not need reporting.

“What ADMA would say is that if the consumer is put at risk with the type of data that has been breached  then it is best practice to let them know,” Sangster said. “What we don’t want to happen is that every time there is a breach you have to go out and tell consumers.

“It should only be made compulsory if we can get to a sensible position whereby it’s of benefit to the customer and they are not going to get flooded with data beach notifications.

“If we go down the path of making it mandatory for every breach to be reported then the ones that are serious are not going to get through.”

Steve Jones

ADVERTISEMENT

SUBSCRIBE

Sign up to our free daily update to get the latest in media and marketing