Australian legislation currently makes no requirement to report a data breach (though there may be an obligation at common law).<br><br>It's something legislators are considering:<br><br><a href="http://www.itnews.com.au/News/275598,data-breach-laws-to-follow-privacy-reforms.aspx">http://www.itnews.com.au/News/275598,data-breach-laws-to-follow-privacy-reforms.aspx</a><br>
<br>Paul Wilkins<br><br><br><div class="gmail_quote">On Wed, Jul 25, 2012 at 7:48 PM, Martin - StudioCoast <span dir="ltr"><<a href="mailto:martin.sinclair@studiocoast.com.au" target="_blank">martin.sinclair@studiocoast.com.au</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
  
    
  
  <div bgcolor="#FFFFFF" text="#000000">
    <div><font size="-1"><font face="Arial">Does
          an ISP have a duty of disclosure for an information breach
          such as this?<br>
          My view is that they have an ethical duty to inform customers
          but i'm not aware of if there are actually any laws to this
          effect.<br>
          <br>
          If the hacker is telling the truth and the telco patched the
          vulnerability then it seems likely they knew about it.</font></font>
    </div>
    <br>
  </div>

<br>_______________________________________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br></blockquote></div><br>