Analysis, Security - Written by External Contributor on Monday, October 22, 2012 10:12 - 5 Comments
Why data breach reporting should be mandatory
In an age of Facebook, eBay and online banking, data privacy is becoming more important than ever before. The majority of Australians have personal information stored online with a range of organisations and companies – information we’d rather the whole world didn’t have access to.
A discussion paper released by federal Attorney-General Nicola Roxon on Wednesday could be a step forward in the fight to keep private data, well, private. Entitled “Australian Privacy Breach Notification”, the discussion paper asks whether companies and other organisations should be required to report any breaches that occur to personal data they are storing.
Only a day after Ms Roxon released the discussion paper we saw a great example of why mandatory data-breach notification is required. On Thursday Australia Post shut down its electronic parcel tracking service after a computer malfunction exposed the personal details of thousands of customers who were sent parcels. Mandatory data-breach reporting would have required Australia Post to tell customers of the breach immediately, rather than having the message delivered through the media the following day.
In a press release on Wednesday explaining the motivations behind the new discussion paper, Ms Roxon said: “Australians who transact online rightfully expect their personal information will be protected.” What Ms Roxon didn’t say was that the majority of companies don’t seem to take customer privacy very seriously. Currently, if an Australian company suffers a data or security breach, it is encouraged (but not required) to disclose the details to the Privacy Commissioner.
But the reality is very few companies report data-breach notifications, and the number of reports is dropping. These facts are corroborated by a review of data breaches reported online by customers and in the media.
And, as former hacker Kevin Mitnick told Fairfax on August 9, there’s little motivation for a company to admit they’ve been hacked and had data stolen: “Think about it: if you were running a multi-million dollar company and your database of customer information was stolen would you want to tell your clients? No. Most [US] companies did not until the laws required them to. It’s in the best interest of organisations – when they’re attacked and information is stolen – to tell nobody.”
Not everyone is a fan of the proposed mandatory data-breach reporting. The Australian Banking Association (ABA) acting chief, Tony Burke, said today that mandatory data-breach reporting would lead to: “… an unwarranted loss of confidence in Australia’s payment systems to the detriment of all. Attempting to notify individuals potentially affected could lead to significant levels of community concern, disproportionate to the actual level of risk, which could well be zero.”
What Mr Burke does not appear to acknowledge is the fundamental right of every Australian to know if their personal data has been compromised. Australians should be able to select a bank based upon the bank’s record of keeping personal data secure.
So how would mandatory data-breach reporting help the average consumer? As Australian Privacy Commissioner Timothy Pilgrim said in a press release on Wednesday: “Where personal information has been compromised, notification can be essential in helping individuals to regain control of that information. For example, an individual can … change passwords or account numbers if they know a data breach has occurred.”
If nothing else, it will force companies to let consumers know directly if their information has been compromised – surely better than reading about it in the newspaper the next day or finding out when a criminal uses the information to commit fraud.
The possibility of mandatory data-breach notification laws raises the question of impact on Australian organisations. For some the new requirements would have a minimal effect, but for many others there would be need for change. The first question every Australian company will need to be able to answer is: “If there is a data breach will we recognise that the breach has occurred?”
For many organisations this will not be an easy question to answer. Most Australian companies are connected to the internet using low-cost security devices that are typically set up using default settings. Professionals are not contracted to monitor the company’s connection to the internet and systems that provide products or services to customers over the internet. What this means is Australian companies will need to audit every system that interfaces with the internet to ensure security breaches can be identified. Security systems will also need to be able to collect information that can be provided to the authorities if a security breach leads to a data breach.
One approach that should be adopted by Australian companies is to utilise Intrusion Detection Systems (IDS) which are set up, maintained and monitored by appropriately trained network engineers. Companies will need to adopt a culture that will raise the focus on security and privacy to a level previously not seen in Australia. The Attorney-General should consider introducing a mandatory annual network and system security audit for all companies or organisations that may be subject to a data breach.
Most US states now have data-breach notification laws and the US federal government is considering introducing uniform national laws. Europe is in a similar situation. The existing laws don’t cover all organisations subjected to potential data breaches and only electronic communication providers (carriers) are required to notify regulators and customers of data breaches. The European Union is also considering laws that would cover all organisations that may be subject to data breaches.
The timing of Ms Roxon’s announcement, considering the aforementioned moves in the US and Europe, may lead to a belief that Australia is acting in concert with legislative changes overseas. Australia must be prepared to get out in front of other nations because privacy and security reform is long overdue.
Ms Roxon’s announcement and the release of the discussion paper should be applauded because Australians are being subjected to privacy attacks from all angles. Examples that we should remember include the Sony PlayStation data breach in which 1.5 million Australian accounts were exposed, and the Google Wi-Fi data harvest.
Of course the discussion paper is just the first step down the path of mandatory data-breach reporting in Australia and many questions remain, including: Who should be notified in the case of a data breach? Should penalties apply when an organisation fails to comply? But as we move forward in this era of online transactions and social media – an era that will feature the NBN and its many opportunities and applications – there’s a need for security and privacy legislation to keep pace. Most importantly, there’s a need for Australians to feel confident that their personal information is being kept safe by those we entrust it to.
The federal government is seeking submissions following the release of their discussion paper. To have your say, visit the Attorney-General’s website for details. Submissions close November 23.
Mark Gregory does not work for, consult to, own shares in or receive funding from any company or organisation that would benefit from this article, and has no relevant affiliations. This article was originally published at The Conversation. Read the original article.