<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Title" content="">
<meta name="Keywords" content="">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Courier New";
panose-1:2 7 3 9 2 2 5 2 4 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman";}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Courier;}
span.EmailStyle20
{mso-style-type:personal;
font-family:Calibri;
color:windowtext;}
span.EmailStyle21
{mso-style-type:personal-reply;
font-family:Calibri;
color:windowtext;}
span.msoIns
{mso-style-type:export-only;
mso-style-name:"";
text-decoration:underline;
color:teal;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:595.0pt 842.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style>
</head>
<body bgcolor="white" lang="EN-GB" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri;mso-fareast-language:EN-US">I appreciate that most medical and financial entities are regulated and probably compliant, but this is around letting consumers know what’s happening with their
data <b>when</b> it’s exposed. In fact, to the opposite of what you propose, the more compliant/secure they are the
<b>less</b> burden this legislation would be as the probability of compromise <b>
decreases</b>. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri;mso-fareast-language:EN-US">I don’t agree that reporting to your customers that you’ve been breached/compromised/mishandled data is unreasonable reporting. If you gave your friend a spare
key to your home or car and they lost it do you expect them to tell you? You may want to change your locks as a result. In the same way in the event of data breaches you may want to change your passwords/CC number and so on.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri;mso-fareast-language:EN-US">Cheers,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri;mso-fareast-language:EN-US">Matt.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-family:Calibri;color:black">From: </span>
</b><span style="font-family:Calibri;color:black">AusNOG &lt;ausnog-bounces@lists.ausnog.net&gt; on behalf of Matt Perkins &lt;matt@spectrum.com.au&gt;<br>
<b>Date: </b>Tuesday, 28 February 2017 at 10:17 am<br>
<b>To: </b>"ausnog@lists.ausnog.net" &lt;ausnog@lists.ausnog.net&gt;<br>
<b>Subject: </b>Re: [AusNOG] Mandatory data breach notification will become law in Australia<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">The commercial reality is that if you are not compliant with a whole host of standards and have good insurance and are complying with the terms of that insurance you're likely already doing everything the law requires anyway and Medical/Financial
people won't deal with you unless you can prove that. <br>
<br>
All this will provide is more reporting and more red tape.<br>
<br>
Matt.<br>
<br>
<br>
<br>
On 28/2/17 10:02 am, Matt Smee wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri;color:#18376A">“Why can these things not be decided on profit.”</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri;color:black">I agree.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri;color:black"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri;color:black">All organisations should have to comply with this law - regardless of their profits. If my financial, medical and/or personal data is being held by BigCorpX or LittleLocalY
it doesn’t matter to me, the citizen, what their profits are - the outcome if that data is mishandled or stolen is the same either way.
</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri;color:black">However, we’re a long way from that being a reasonable requirement of every business, not until the general public and business folk are more educated around IT and perhaps
even infosec can this be reasonably expected. </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri;color:black"> </span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri;color:black">“There's a lot of small operators that collect 3 million and then turn over the bulk of that AAPT/Telstra/Optus/Vocus.”</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri;color:black">Correct me if I’m wrong, but that doesn’t sound like profit but more an expense/cost of operations.</span><o:p></o:p></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;font-family:Calibri;color:black"> </span></b><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri;color:black;mso-fareast-language:EN-US">Cheers,</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri;color:black;mso-fareast-language:EN-US">Matt.</span><o:p></o:p></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:Calibri;mso-fareast-language:EN-US"> </span><o:p></o:p></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-family:Calibri;color:black">From: </span>
</b><span style="font-family:Calibri;color:black">AusNOG <a href="mailto:ausnog-bounces@lists.ausnog.net">
&lt;ausnog-bounces@lists.ausnog.net&gt;</a> on behalf of Matt Perkins <a href="mailto:matt@spectrum.com.au">
&lt;matt@spectrum.com.au&gt;</a><br>
<b>Date: </b>Tuesday, 28 February 2017 at 9:42 am<br>
<b>To: </b>Robert Hudson <a href="mailto:hudrob@gmail.com">&lt;hudrob@gmail.com&gt;</a><br>
<b>Cc: </b><a href="mailto:ausnog@lists.ausnog.net">"ausnog@lists.ausnog.net"</a>
<a href="mailto:ausnog@lists.ausnog.net">&lt;ausnog@lists.ausnog.net&gt;</a><br>
<b>Subject: </b>Re: [AusNOG] Mandatory data breach notification will become law in Australia</span><o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">I'm suggesting that more and more government regulation does but one thing: push small guys out of the market. It won't just be a reporting requirement but there will be forms, reports, reporting officers etc etc. It's not the reporting requirement
I have a problem with, it's all the red tape that's going to go with it. <br>
<br>
The government needs to learn that 3 million turnover is not a large business. Why can these things not be decided on profit. There's a lot of small operators that collect 3 million and then turn over the bulk of that AAPT/Telstra/Optus/Vocus.
<br>
<br>
Yet the government treats them like AAPT/Telstra/Optus/Vocus <br>
<br>
<br>
On 28/2/17 7:22 am, Robert Hudson wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal">Hi Matt, <o:p></o:p></p>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Are you suggesting that you believe that this change is just more "red tape", rather than a win for the individual with regards to knowing if their PII may have, for whatever reason, fallen into the wrong hands, and may be used for less-than-satisfactory
(from the perspective of said individual) purposes?<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">If you feel that adequately protecting and reporting on loss of PII belonging to other individuals is an onerous task that you shouldn't need to be part of, you could always not collect/store PII. Less red tape that way!<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Regards,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
<div>
<p class="MsoNormal">Robert<o:p></o:p></p>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal"> <o:p></o:p></p>
<div>
<p class="MsoNormal">On 27 Feb 2017 10:20 PM, "Matt Perkins" &lt;<a href="mailto:matt@spectrum.com.au">matt@spectrum.com.au</a>&gt; wrote:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0cm 0cm 0cm 6.0pt;margin-left:4.8pt;margin-top:5.0pt;margin-right:0cm;margin-bottom:5.0pt">
<p class="MsoNormal">Didn't they say this was the government that would slash red tape?<br>
<span style="color:#888888"><br>
Matt<br>
<br>
<br>
<br>
--<br>
/* Matt Perkins<br>
Direct 1300 137 379 Spectrum Networks Ptd. Ltd.<br>
Office 1300 133 299 <a href="mailto:matt@spectrum.com.au">matt@spectrum.com.au</a><br>
Fax 1300 133 255 Level 6, 350 George Street Sydney 2000<br>
SIP <a href="mailto:1300137379@sip.spectrum.com.au">1300137379@sip.spectrum.com.au</a><br>
Google Talk <a href="mailto:MattAPerkins@gmail.com">MattAPerkins@gmail.com</a><br>
PGP/GNUPG Public Key can be found at <a href="http://pgp.mit.edu" target="_blank">
http://pgp.mit.edu</a><br>
*/</span><o:p></o:p></p>
<div>
<p class="MsoNormal"><br>
> On 27 Feb 2017, at 6:23 pm, Chris Legg &lt;<a href="mailto:cdlegg@iinet.net.au">cdlegg@iinet.net.au</a>&gt; wrote:<br>
><br>
> Copied from another source:<br>
><br>
><br>
> Australia will have a mandatory data breach notification scheme in place within the year after several aborted attempts, following the passage of legislation through the senate on Feb 13th.<br>
><br>
> <a href="http://www.theaustralian.com.au/business/technology/data-breach-scheme-to-become-law/news-story/8c2765681201c0d1c58ece2ebc3022c5" target="_blank">
http://www.theaustralian.com.au/business/technology/data-breach-scheme-to-become-law/news-story/8c2765681201c0d1c58ece2ebc3022c5</a><br>
><br>
> This ruling applies to all government entities and organizations with a turnover greater than $3 million a year. Entities with turnover of less than $3 million a year fall outside the legislation.<br>
><br>
> The newly passed law means organizations that determine they have been breached or have lost data will need to report the incident to the Privacy Commissioner and notify affected customers as soon as they become aware of a breach.<br>
> _______________________________________________<br>
> AusNOG mailing list<br>
> <a href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
> <a href="http://lists.ausnog.net/mailman/listinfo/ausnog" target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<o:p></o:p></p>
</div>
</blockquote>
</div>
<p class="MsoNormal"> <o:p></o:p></p>
</div>
</div>
</div>
</blockquote>
<p class="MsoNormal"> <o:p></o:p></p>
<p> <o:p></o:p></p>
<pre>-- <o:p></o:p></pre>
<pre>/* Matt Perkins <o:p></o:p></pre>
<pre> Direct 1300 137 379 Spectrum Networks Ptd. Ltd. <o:p></o:p></pre>
<pre> Office 1300 133 299 <a href="mailto:matt@spectrum.com.au">matt@spectrum.com.au</a> <o:p></o:p></pre>
<pre> Level 6, 350 George Street Sydney 2000<o:p></o:p></pre>
<pre> Spectrum Networks is a member of the Communications Alliance & TIO <o:p></o:p></pre>
<pre>*/<o:p></o:p></pre>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
<p><o:p> </o:p></p>
</div>
</body>
</html>