Australia's (proposed) new mandatory reporting regime on privacy regulations will impact foreign organisations/companies who deal directly with consumers, e.g. on-line sales, or process personal info on behalf of Australian organisations. The implications of a breach may be significant. Therefore, the question is: if these regulations apply to your company/organisation, how, or will, your board monitor this new risk element?