The disruptive shift of technologies in the Internet age poses the challenge of securing our digital asset and cyberspace from large-scale, sophisticatedly targeted offenses and cybercrimes. As a response, many governments have introduced mandatory notification schemes in which an entity bears an obligation to notify the regulator and affected individuals if personal data it holds is compromised. Focusing on Australia’s Notifiable Data Breach (NDB) scheme introduced in 2018, this paper points out that the NDB scheme gives entities that should be responsible for data protection much leeway while holding individuals, only victims of a data breach, responsible for dealing with the consequences. This is problematic as redressing the grievances caused by a data breach is difficult in the Australian context. It is difficult for a victim of a breach of privacy to bring an action in court mainly because there is no established tort of privacy in Australia. Further, bringing a class action for data breaches is a difficult process. We suggest that the real effect of the NDB scheme requires an understanding in a broader context of Australian Privacy Principles (APPs). Regulated in a broader APPs context, the NDB scheme could become a part of a privacy protection regime that requires public agencies and businesses to have better accountability and responsibility mechanisms.

互联网时代技术的颠覆性变革提出了挑战，要求保护我们的数字资产和网络空间免受大规模，复杂的针对性攻击和网络犯罪。作为回应，许多政府引入了强制性通知计划，在这种计划中，实体有义务在其个人数据遭到泄露时通知监管机构和受影响的个人。本文着眼于2018年推出的澳大利亚可报告数据泄露（NDB）计划，指出NDB计划使应负责数据保护的实体有很大的回旋余地，而个人（仅是数据泄露的受害者）应负责处理后果。这是有问题的，因为在澳大利亚背景下，纠正因数据泄露而引起的不满是很困难的。侵犯隐私权的受害者很难在法庭上提起诉讼，主要是因为澳大利亚没有确定的隐私权侵权行为。此外，针对数据泄露采取集体诉讼是一个困难的过程。我们建议NDB计划的真正效果需要在更广泛的澳大利亚隐私原则（APP）的背景下进行理解。在更广泛的APP环境中受到监管，NDB计划可能成为隐私保护制度的一部分，该制度要求公共机构和企业具有更好的问责制和责任机制。我们建议NDB计划的真正效果需要在更广泛的澳大利亚隐私原则（APP）的背景下进行理解。在更广泛的APP环境中受到监管，NDB计划可能成为隐私保护制度的一部分，该制度要求公共机构和企业具有更好的问责制和责任机制。我们建议NDB计划的真正效果需要在更广泛的澳大利亚隐私原则（APP）的背景下进行理解。在更广泛的APP环境中受到监管，NDB计划可能成为隐私保护制度的一部分，该制度要求公共机构和企业具有更好的问责制和责任机制。