The pharma industry may have another level of regulation to worry about under a draft bill which makes them responsible for data breaches of personal information.

The industry has already had its fair share of privacy headaches recently - there was much debate about the incoming transparency requirements and how they would comply with the privacy act.

Now, under this draft data breach notification bill, which is open for comment until 4 March, companies will be liable for any hacks of personal data.

Any business with a turnover in excess of $3 million will be subject to mandatory reporting of any breaches of personal data to both the privacy commissioner and the individual themselves, Gordon Hughes, partner at Davies Collison Cave explained to Pharma in Focus.

Personal information is any data on a person that a company may be holding, from which the individual can be identified - anything from information on a doctor to patient information collected during an adverse event report.

"This adds yet another layer of regulation for the pharma industry," said Dr Hughes.

"The message for industry is that you need to keep that personal information safe."

Originally published in Pharma in Focus