<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body><div>The infosec reality is that organisations big and small are frequently failing to take basic steps to protect data they have been entrusted with by their customers. <br></div>
<div><br></div>
<blockquote type="cite"><div><div>  All this will provide is more reporting and more red tape.<br></div>
</div>
</blockquote><div>The only reporting this creates is if you have a data breach.  While an honest business would have reported it anyway, a less-scrupulous one might try and sweep it under the rug.  Now there are real penalties for doing so.<br></div>
<div><br></div>
<div><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"><span class="colour" style="color:black"><span class="font" style="font-family:Calibri"><span class="size" style="font-size:11pt">> However,
            we’re a long way from that being a reasonable requirement of
            every</span></span></span></span></span><br></div>
<div><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"><span class="colour" style="color:black"><span class="font" style="font-family:Calibri"><span class="size" style="font-size:11pt">> business, not until the general public and business
            folk are more educated around</span></span></span></span></span><br></div>
<div><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"><span class="colour" style="color:black"><span class="font" style="font-family:Calibri"><span class="size" style="font-size:11pt">> IT and perhaps even infosec
            can this be reasonably expected.</span></span></span></span></span><br></div>
<div><br></div>
<div>A legislative mandate might not be the ideal tool for this, but infosec people have been talking about the problem for years and things have only been getting worse.  Will it be enough by itself? Probably not, but it's a first push in the right direction.<br></div>
<div><br></div>
<div>-Richard</div>
<div><br></div>
<div>On Tue, 28 Feb 2017, at 09:17 AM, Matt Perkins wrote:<br></div>
<blockquote type="cite"><div><div>The commercial reality is that if you
      are not compliant with a whole host of standards and have good
      insurance and are complying with the terms of that insurance you're
      likely already doing everything the law requires anyway and
      Medical/Financial people won't deal with you unless you can prove
      that. <br></div>
<div> <br></div>
<div>   All this will provide is more reporting and more red tape.<br></div>
<div> <br></div>
<div> Matt.<br></div>
<div> <br></div>
<div> <br></div>
<div> <br></div>
<div> On 28/2/17 10:02 am, Matt Smee wrote:<br></div>
</div>
<blockquote type="cite"><div><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"><span class="colour" style="color:rgb(24, 55, 106)"><span class="font" style="font-family:Calibri"><span class="size" style="font-size:11pt">“Why
            can  these things not be decided on profit.”</span></span></span></span></span><br></p><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"><span class="colour" style="color:black"><span class="font" style="font-family:Calibri"><span class="size" style="font-size:11pt">I
            agree.</span></span></span></span></span><br></p><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"><span class="colour" style="color:black"><span class="font" style="font-family:Calibri"><span class="size" style="font-size:11pt"> </span></span></span></span></span><br></p><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"><span class="colour" style="color:black"><span class="font" style="font-family:Calibri"><span class="size" style="font-size:11pt">All
            organisations should have to comply with this law -
            regardless of their profits. If my financial, medical and/or
            personal data is being held by BigCorpX or LittleLocalY it
            doesn’t matter to me, the citizen, what their profits are -
            the outcome if that data is mishandled or stolen is the same
            either way.</span></span></span></span></span><br></p><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"><span class="colour" style="color:black"><span class="font" style="font-family:Calibri"><span class="size" style="font-size:11pt">However,
            we’re a long way from that being a reasonable requirement of
            every business, not until the general public and business
            folk are more educated around IT and perhaps even infosec
            can this be reasonably expected.</span></span></span></span></span><br></p><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"><span class="colour" style="color:black"><span class="font" style="font-family:Calibri"><span class="size" style="font-size:11pt"> </span></span></span></span></span><br></p><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"><span class="colour" style="color:black"><span class="font" style="font-family:Calibri"><span class="size" style="font-size:11pt">“There's
            a lot of small operators that collect 3 million and then
            turn over the bulk of that  AAPT/Telstra/Optus/Vocus . “</span></span></span></span></span><br></p><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"><span class="colour" style="color:black"><span class="font" style="font-family:Calibri"><span class="size" style="font-size:11pt">Correct
            me if I’m wrong, but that doesn’t sound like profit but more
            an expense/cost of operations.</span></span></span></span></span><br></p><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"><b><span class="colour" style="color:black"><span class="font" style="font-family:Calibri"><span class="size" style="font-size:11pt"> </span></span></span></b></span></span><br></p><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"><span class="colour" style="color:black"><span class="font" style="font-family:Calibri"><span class="size" style="font-size:11pt">Cheers,</span></span></span></span></span><br></p><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"><span class="colour" style="color:black"><span class="font" style="font-family:Calibri"><span class="size" style="font-size:11pt">Matt.</span></span></span></span></span><br></p><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"><span class="font" style="font-family:Calibri"><span class="size" style="font-size:11pt"> </span></span></span></span><br></p><div style="border-right-style:none;border-bottom-style:none;border-left-style:none;border-right-width:initial;border-bottom-width:initial;border-left-width:initial;border-right-color:initial;border-bottom-color:initial;border-left-color:initial;border-image-source:initial;border-image-slice:initial;border-image-width:initial;border-image-outset:initial;border-image-repeat:initial;border-top-style:solid;border-top-color:rgb(181, 196, 223);border-top-width:1pt;padding-top:3pt;padding-right:0cm;padding-bottom:0cm;padding-left:0cm;"><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"><b><span class="colour" 
style="color:black"><span class="font" style="font-family:Calibri">From: </span></span> </b><span class="colour" style="color:black"><span class="font" style="font-family:Calibri">AusNOG <a style="text-decoration: underline; color: blue;" href="mailto:ausnog-bounces@lists.ausnog.net"><ausnog-bounces@lists.ausnog.net></a> on behalf of Matt
              Perkins <a style="text-decoration: underline; color: blue;" href="mailto:matt@spectrum.com.au"><matt@spectrum.com.au></a><br> <b>Date: </b>Tuesday, 28 February 2017 at 9:42 am<br> <b>To: </b>Robert Hudson <a style="text-decoration: underline; color: blue;" href="mailto:hudrob@gmail.com"><hudrob@gmail.com></a><br> <b>Cc: </b><a style="text-decoration: underline; color: blue;" href="mailto:ausnog@lists.ausnog.net">"ausnog@lists.ausnog.net"</a> <a style="text-decoration: underline; color: blue;" href="mailto:ausnog@lists.ausnog.net"><ausnog@lists.ausnog.net></a><br> <b>Subject: </b>Re: [AusNOG] Mandatory data breach
              notification will become law in Australia</span></span></span></span></p></div>
<div><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"> </span></span><br></p></div>
<div><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt">I'm suggesting that more and more
            government regulation does but one thing push small guys out
            of the market.  It won't just be a reporting requirement but
            there will be forms reports. Reporting officers etc etc. 
            It's not the reporting requirement I have a problem with
            it's all the red tape that's going to go with it. <br> <br> The government needs to learn that 3 million turnover is not
            a large business.  Why can  these things not be decided on
            profit. There's a lot of small operators that collect 3
            million and then turn over the bulk of that 
            AAPT/Telstra/Optus/Vocus .  <br> <br> Yet the government treats them like AAPT/Telstra/Optus/Vocus <br> <br> <br> On 28/2/17 7:22 am, Robert Hudson wrote:</span></span></p></div>
<blockquote style="margin-top:5pt;margin-bottom:5pt;"><div><div><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt">Hi Matt,</span></span><br></p><div><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"> </span></span><br></p></div>
<div><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt">Are you suggesting that you believe
                  that this change is just more "red tape", rather than
                  a win for the individual with regards to knowing if
                  their PII may have, for whatever reason, fallen into
                  the wrong hands, and may be used for
                  less-than-satisfactory (from the perspective of said
                  individual) purposes?</span></span><br></p></div>
<div><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"> </span></span><br></p></div>
<div><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt">If you feel that adequately
                  protecting and reporting on loss of PII belonging to
                  other individuals is an onerous task that you
                  shouldn't need to be part of, you could always not
                  collect/store PII. Less red tape that way!</span></span><br></p></div>
<div><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"> </span></span><br></p></div>
<div><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt">Regards,</span></span><br></p></div>
<div><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"> </span></span><br></p></div>
<div><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt">Robert</span></span><br></p></div>
<p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"> </span></span><br></p><div><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"> </span></span><br></p><div><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt">On 27 Feb 2017 10:20 PM, "Matt
                    Perkins" <<a style="text-decoration: underline; color: blue;" href="mailto:matt@spectrum.com.au">matt@spectrum.com.au</a>>
                    wrote:</span></span><br></p><blockquote style="border-top-style:none;border-right-style:none;border-bottom-style:none;border-top-width:initial;border-right-width:initial;border-bottom-width:initial;border-top-color:initial;border-right-color:initial;border-bottom-color:initial;border-image-source:initial;border-image-slice:initial;border-image-width:initial;border-image-outset:initial;border-image-repeat:initial;border-left-style:solid;border-left-color:rgb(204, 204, 204);border-left-width:1pt;padding-top:0cm;padding-right:0cm;padding-bottom:0cm;padding-left:6pt;margin-left:4.8pt;margin-right:0cm;"><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt">Didn't they say this was the
                      government that would slash red tape ?<br> <span class="colour" style="color:rgb(136, 136, 136)"><br> Matt<br> <br> <br> <br> --<br> /* Matt Perkins<br>        Direct 1300 137 379     Spectrum Networks
                        Ptd. Ltd.<br>        Office 1300 133 299     <a style="text-decoration: underline; color: blue;" href="mailto:matt@spectrum.com.au">matt@spectrum.com.au</a><br>        Fax    1300 133 255     Level 6, 350
                        George Street Sydney 2000<br>       SIP <a style="text-decoration: underline; color: blue;" href="mailto:1300137379@sip.spectrum.com.au">1300137379@sip.spectrum.com.au</a><br>        Google Talk <a style="text-decoration: underline; color: blue;" href="mailto:MattAPerkins@gmail.com">MattAPerkins@gmail.com</a><br>        PGP/GNUPG Public Key can be found at  <a style="text-decoration: underline; color: blue;" href="http://pgp.mit.edu"> http://pgp.mit.edu</a><br> */</span></span></span></p><div><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"><br>> On 27 Feb 2017, at 6:23 pm, Chris Legg <<a style="text-decoration: underline; color: blue;" href="mailto:cdlegg@iinet.net.au">cdlegg@iinet.net.au</a>>
                        wrote:<br> ><br> > Copied from another source:<br> ><br> ><br> > Australia will have a mandatory data breach
                        notification scheme in place within the year
                        after several aborted attempts, following the
                        passage of legislation through the senate on Feb
                        13th.<br> ><br> > <a style="text-decoration: underline; color: blue;" href="http://www.theaustralian.com.au/business/technology/data-breach-scheme-to-become-law/news-story/8c2765681201c0d1c58ece2ebc3022c5"> http://www.theaustralian.com.au/business/technology/data-breach-scheme-to-become-law/news-story/8c2765681201c0d1c58ece2ebc3022c5</a><br> ><br> > This ruling applies to all government
                        entities and organizations with a turnover
                        greater than $3 million a year. Entities with
                        turnover of less than $3 million a year fall
                        outside the legislation.<br> ><br> > The newly passed law means organizations
                        that determine they have been breached or have
                        lost data will need to report the incident to
                        the Privacy Commissioner and notify affected
                        customers as soon as they become aware of a
                        breach.<br> >
                        _______________________________________________<br> > AusNOG mailing list<br> > <a style="text-decoration: underline; color: blue;" href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br> > <a style="text-decoration: underline; color: blue;" href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br> <br> _______________________________________________<br> AusNOG mailing list<br> <a style="text-decoration: underline; color: blue;" href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br> <a style="text-decoration: underline; color: blue;" href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a></span></span></p></div>
</blockquote></div>
<p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"> </span></span><br></p></div>
</div>
</div>
</blockquote><p style="margin: 0cm 0cm 0.0001pt;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"> </span></span><br></p><p style="margin-left: 0cm; margin-right: 0cm;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"> </span></span><br></p><pre style="font-family: 'Courier New'; font-size: 10pt; margin: 0cm 0cm 0.0001pt;">-- <br></pre><pre style="font-family: 'Courier New'; font-size: 10pt; margin: 0cm 0cm 0.0001pt;">/* Matt Perkins <br></pre><pre style="font-family: 'Courier New'; font-size: 10pt; margin: 0cm 0cm 0.0001pt;">        Direct 1300 137 379        Spectrum Networks Ptd. Ltd. <br></pre><pre style="font-family: 'Courier New'; font-size: 10pt; margin: 0cm 0cm 0.0001pt;">        Office 1300 133 299        <a style="text-decoration: underline; color: blue;" href="mailto:matt@spectrum.com.au">matt@spectrum.com.au</a> <br></pre><pre style="font-family: 'Courier New'; font-size: 10pt; margin: 0cm 0cm 0.0001pt;">                                   Level 6, 350 George Street Sydney 2000<br></pre><pre style="font-family: 'Courier New'; font-size: 10pt; margin: 0cm 0cm 0.0001pt;">        Spectrum Networks is a member of the Communications Alliance & TIO  <br></pre><pre style="font-family: 'Courier New'; font-size: 10pt; margin: 0cm 0cm 0.0001pt;">*/<br></pre></div>
<div><br></div>
<div><br></div>
</blockquote><div><br></div>
<p style="margin-left: 0cm; margin-right: 0cm;"><span class="font" style="font-family:'Times New Roman'"><span class="size" style="font-size:12pt"></span></span><br></p><pre style="font-family: 'Courier New'; font-size: 10pt; margin: 0cm 0cm 0.0001pt;">-- 
/* Matt Perkins 
        Direct 1300 137 379        Spectrum Networks Ptd. Ltd. 
        Office 1300 133 299        <a style="text-decoration: underline; color: blue;" href="mailto:matt@spectrum.com.au">matt@spectrum.com.au</a> 
                                   Level 6, 350 George Street Sydney 2000
        Spectrum Networks is a member of the Communications Alliance & TIO  
*/
<br></pre>
</blockquote><div><br></div>
</body>
</html>