Yes. I think we already have standards in this bill and in previous bills that could be helpful in terms of talking about, for example, we think it's certainly reasonable to keep records if it's reasonable that the breach would create a real risk of significant harm to an individual.That's already proposed for notification of individuals and the Privacy Commissioner. I think that would be a good standard in terms of materiality for the record keeping required. You'd know that they meant something and there was some real risk of harm.
On February 17th, 2015. See this statement in context.