News, Security - Written by Renai LeMay on Thursday, October 18, 2012 17:17 - 15 Comments
Govt may force data breach disclosure
In a move which has been debated and rumoured within the IT security industry for years, the Federal Government this week confirmed it would seek public opinion on whether it should force organisations to disclose when their databases containing personal information had been broken into by hackers – or even inadvertently.
Currently, organisations who have customer or stakeholder information stolen are not required under privacy laws to tell customers who may have been affected by such breaches. Generally the public is only informed about such situations if the organisation concerned volunteers the information, sometimes following a standardised approach promulgated by the Australian Privacy Commissioner, or if the public is made aware of the issue through other means, such as a leak to journalists.
Such data breaches occur regularly. For example, in just the past several months, telcos iiNet and AAPT have had some of their IT systems broken into, and some customer or employee information accessed. Neither company volunteered information about the breaches until journalists contacted them with enquiries. In a wider sense, breaches have become common globally over the past several years, with one high-profile event being the theft in mid-2011 of some 77 million accounts using Sony’s online PlayStation Network.
In a statement issued yesterday, Attorney-General Nicola Roxon said it was time for a public discussion on how legislation might deal with data breaches. “Australians who transact online rightfully expect their personal information will be protected,” Roxon said. “More personal information about Australians than ever before is held online, and several high profile data breaches have shown that this information can be susceptible to hackers. The question we are asking today is should organisations be required by law to make data breach notifications when they occur?”
To canvass the issue, Roxon’s Attorney-General’s Department has issued a discussion paper, noting that mandatory data breach notification schemes are in place or currently being considered in a number of jurisdictions, including the United States, the European Union, the United Kingdom and Ireland.
The discussion paper examines such issues as what constitutes a data breach and what should trigger a notification; who should be notified (for example, the Privacy Commissioner and/or affected consumers); and what penalties might be appropriate for failing to notify those affected.
“As with other public consultation on privacy issues, the Government expects – and welcomes – a wide range of views about whether this legislation is necessary,” Roxon said.
This discussion paper follows new legislation the Government introduced into the Parliament in May that makes sure Australia’s laws keep pace with changing consumer and business practices, particularly in the online environment. The legislation aims to better protect people’s personal information, simplify credit reporting arrangements and give new enforcement powers to the Privacy Commissioner.
To be honest, I am really kind of scared about what will happen should Australia implement a mandatory data breach notification system. Why? Because I think there will be so many breaches disclosed that we will find it hard to keep up with all the breaches being disclosed. In some senses I feel as though I don’t quite want to know how bad things really are.
Currently, we really only hear about data breaches when a major hack has occurred. Something such as the PlayStation Network breach, where millions of accounts have been compromised and the company concerned has no choice but to disclose the issue, given that it’s already being inundated with queries from affected customers who are seeing weird activity on their account, or even simply being spammed.
If this kind of data breach notification system comes into play, I anticipate that Australians would see dozens, perhaps hundreds of notifications each year. Think about how many organisations hold your data. How many marketing databases you are on. How many people send you emails of a commercial nature occasionally. All of this would most likely be subject to mandatory data breach disclosure laws.
If you doubt the seriousness of this issue, then consider the series of audit reports which have been published into the security of various state and federal government departments and agencies in Australia over the past several years. To give you one example, in June 2011, Western Australia’s auditor-general handed down a landmark report which detailed the fact that none of a wide range of government departments and agencies in the state were currently able to prevent basic cyber-attacks against their IT infrastructure — or even detect that they had taken place.
In October 2010, NSW’s auditor-general Peter Achterstraat rubbished the State Government’s IT security procedures in a report published at that time, saying the state could not guarantee to its residents that it was keeping their information secure and away from prying eyes. In the report, Achterstraat wrote that NSW had been issuing edicts about electronic information security for a decade, with agencies having been directed since at least 2001 to develop and implement security policies around how they hold personal information and certify their IT systems.
Extrapolate this situation to most governments in Australia, the myriad of councils, and the many mid-level corporations and non-profits which maintain databases on customers and stakeholders but don’t have a good level of IT skills in-house to maintain the security of their systems, and you can start to see the potential magnitude of the problem. The reality is that sensitive information is getting hacked on a daily basis throughout Australia, and that very little of it is currently being disclosed. Perhaps one percent, or even less? It’s hard to say. But I think it will be somewhat scary finding out.