But Tim Bentley, vice-president, APJ, at security company Proofpoint, says that there will be no real action on the ground until a big, local data breach occurs.
"The impact of security incidents, and particularly data breaches, is wide-reaching across Australia's business landscape," Bentley said.
"According to accounting firm PwC, there has been a 109% increase in detected security incidents in Australian companies, compared to a 38% global average."
A variety of viewpoints have been expressed by people who are considered experts; some say the law will make a difference, others say it will do nothing, and a third category say the primary concern is information security.
Bentley said despite the alarming findings about breaches, "there is concern that the new data breach disclosure laws will not amass real action on the ground in the business community until a big, local breach in post-data disclosure Australia occurs".
"That said, this new mandatory data breach notification is a strong step forward: when passed, the legislation will mean that Australia has some of the strictest disclosure rules in the world."
He said data breaches were not just an IT security issue, but a fundamental data governance issue as well.
"Organisations must combine information security with data governance programs that identify, classify and protect critical and sensitive data assets.
"Technologies like encryption and data loss prevention provide automated controls that protect the processing and storage of sensitive information.
"By implementing multi-layered defence strategies leveraging technology controls, businesses can reduce the likelihood of data exposure."