<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">The commercial realty is that if you
are not complaint with a whole host of standards and have good
insurance and are compiling with the terms of that insurance your
likely already doing everything the law requires anyway and
Medical/Financial people wont deal with you unless you can prove
that. <br>
<br>
All this will provide is more reporting and more red tape.<br>
<br>
Matt.<br>
<br>
<br>
<br>
On 28/2/17 10:02 am, Matt Smee wrote:<br>
</div>
<blockquote
cite="mid:53EB4E18-9068-4258-B087-2B89921D18A9@unsw.edu.au"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Title" content="">
<meta name="Keywords" content="">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Courier New";
panose-1:2 7 3 9 2 2 5 2 4 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0cm;
mso-margin-bottom-alt:auto;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman";}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:Courier;}
span.EmailStyle20
{mso-style-type:personal-reply;
font-family:Calibri;
color:windowtext;}
span.msoIns
{mso-style-type:export-only;
mso-style-name:"";
text-decoration:underline;
color:teal;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:595.0pt 842.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style>
<div class="WordSection1">
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:Calibri;color:#18376A">“Why
can these things not be decided on profit.”<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:Calibri;color:black">I
agree.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:Calibri;color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:Calibri;color:black">All
organisations should have to comply with this law -
regardless of their profits. If my financial, medical and/or
personal data is being held big BigCorpX or LittleLocalY it
doesn’t matter to me, the citizen, what their profits are -
the outcome if that data is mishandled or stolen is the same
either way.
<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:Calibri;color:black">However,
we’re a long way from that being a reasonable requirement of
every business, not until the general public and business
folk are more educated around IT and perhaps even infosec
can this be reasonably expected. <o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:Calibri;color:black"><o:p> </o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:Calibri;color:black">“There's
a lot of small operators that collect 3 million and then
turn over the bulk of that AAPT/Telstra/Optus/Vocus . “<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:Calibri;color:black">Correct
me if I’m wrong, but that doesn’t sound but profit but more
an expense/cost of operations.<o:p></o:p></span></p>
<p class="MsoNormal"><b><span
style="font-size:11.0pt;font-family:Calibri;color:black"><o:p> </o:p></span></b></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:Calibri;color:black;mso-fareast-language:EN-US">Cheers,<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:Calibri;color:black;mso-fareast-language:EN-US">Matt.<o:p></o:p></span></p>
<p class="MsoNormal"><span
style="font-size:11.0pt;font-family:Calibri;mso-fareast-language:EN-US"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF
1.0pt;padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span
style="font-family:Calibri;color:black">From: </span>
</b><span style="font-family:Calibri;color:black">AusNOG
<a class="moz-txt-link-rfc2396E" href="mailto:ausnog-bounces@lists.ausnog.net"><ausnog-bounces@lists.ausnog.net></a> on behalf of Matt
Perkins <a class="moz-txt-link-rfc2396E" href="mailto:matt@spectrum.com.au"><matt@spectrum.com.au></a><br>
<b>Date: </b>Tuesday, 28 February 2017 at 9:42 am<br>
<b>To: </b>Robert Hudson <a class="moz-txt-link-rfc2396E" href="mailto:hudrob@gmail.com"><hudrob@gmail.com></a><br>
<b>Cc: </b><a class="moz-txt-link-rfc2396E" href="mailto:ausnog@lists.ausnog.net">"ausnog@lists.ausnog.net"</a>
<a class="moz-txt-link-rfc2396E" href="mailto:ausnog@lists.ausnog.net"><ausnog@lists.ausnog.net></a><br>
<b>Subject: </b>Re: [AusNOG] Mandatory data breach
notification will become law in Australia<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Im suggesting that more and more
government regulation does but one thing push small guys out
of the market. It wont just be a reporting requirement but
there will be forms reports. Reporting officers etc etc.
It's not the reporting requirement I have a problem with
it's all the red tape that's going to go with it. <br>
<br>
The government needs to learn that 3million turnover is not
a large business. Why can these things not be decided on
profit. There's a lot of small operators that collect 3
million and then turn over the bulk of that
AAPT/Telstra/Optus/Vocus .
<br>
<br>
Yet the government treats them like AAPT/Telstra/Optus/Vocus
<br>
<br>
<br>
On 28/2/17 7:22 am, Robert Hudson wrote:<o:p></o:p></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<div>
<div>
<p class="MsoNormal">Hi Matt, <o:p></o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Are you suggesting that you believe
that this change is just more "red tape", rather than
a win for the individual with regards to knowing if
their PII may have, for whatever reason, fallen into
the wrong hands, and may be used for
less-than-satisfactory (from the perspective of said
individual) purposes?<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">If you feel that adequately
protecting and reporting on loss of PII belonging to
other individuals is an onerous task that you
shouldn't need to be part of, you could always not
collect/store PII. Less red tape that way!<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Regards,<o:p></o:p></p>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Robert<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On 27 Feb 2017 10:20 PM, "Matt
Perkins" <<a moz-do-not-send="true"
href="mailto:matt@spectrum.com.au">matt@spectrum.com.au</a>>
wrote:<o:p></o:p></p>
<blockquote style="border:none;border-left:solid
#CCCCCC 1.0pt;padding:0cm 0cm 0cm
6.0pt;margin-left:4.8pt;margin-right:0cm">
<p class="MsoNormal">Didn't they say this was the
government that would slash red tape ?<br>
<span style="color:#888888"><br>
Matt<br>
<br>
<br>
<br>
--<br>
/* Matt Perkins<br>
Direct 1300 137 379 Spectrum Networks
Ptd. Ltd.<br>
Office 1300 133 299 <a
moz-do-not-send="true"
href="mailto:matt@spectrum.com.au">matt@spectrum.com.au</a><br>
Fax 1300 133 255 Level 6, 350
George Street Sydney 2000<br>
SIP <a moz-do-not-send="true"
href="mailto:1300137379@sip.spectrum.com.au">1300137379@sip.spectrum.com.au</a><br>
Google Talk <a moz-do-not-send="true"
href="mailto:MattAPerkins@gmail.com">MattAPerkins@gmail.com</a><br>
PGP/GNUPG Public Key can be found at <a
moz-do-not-send="true"
href="http://pgp.mit.edu" target="_blank">
http://pgp.mit.edu</a><br>
*/</span><o:p></o:p></p>
<div>
<p class="MsoNormal"><br>
> On 27 Feb 2017, at 6:23 pm, Chris Legg <<a
moz-do-not-send="true"
href="mailto:cdlegg@iinet.net.au">cdlegg@iinet.net.au</a>>
wrote:<br>
><br>
> Copied from another source:<br>
><br>
><br>
> Australia will have a mandatory data breach
notification scheme in place within the year
after several aborted attempts, following the
passage of legislation through the senate on Feb
13th.<br>
><br>
> <a moz-do-not-send="true"
href="http://www.theaustralian.com.au/business/technology/data-breach-scheme-to-become-law/news-story/8c2765681201c0d1c58ece2ebc3022c5"
target="_blank">
http://www.theaustralian.com.au/business/technology/data-breach-scheme-to-become-law/news-story/8c2765681201c0d1c58ece2ebc3022c5</a><br>
><br>
> This ruling applies to all government
entities and organizations with a turnover
greater than $3 million a year. Entities with
turnover of less than $3 million a year fall
outside the legislation.<br>
><br>
> The newly passed law means organizations
that determine they have been breached or have
lost data will need to report the incident to
the Privacy Commissioner and notify affected
customers as soon as they become aware of a
breach.<br>
>
_______________________________________________<br>
> AusNOG mailing list<br>
> <a moz-do-not-send="true"
href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
> <a moz-do-not-send="true"
href="http://lists.ausnog.net/mailman/listinfo/ausnog"
target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><br>
<br>
_______________________________________________<br>
AusNOG mailing list<br>
<a moz-do-not-send="true"
href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a><br>
<a moz-do-not-send="true"
href="http://lists.ausnog.net/mailman/listinfo/ausnog"
target="_blank">http://lists.ausnog.net/mailman/listinfo/ausnog</a><o:p></o:p></p>
</div>
</blockquote>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</div>
</div>
</blockquote>
<p class="MsoNormal"><o:p> </o:p></p>
<p><o:p> </o:p></p>
<pre>-- <o:p></o:p></pre>
<pre>/* Matt Perkins <o:p></o:p></pre>
<pre> Direct 1300 137 379 Spectrum Networks Ptd. Ltd. <o:p></o:p></pre>
<pre> Office 1300 133 299 <a moz-do-not-send="true" href="mailto:matt@spectrum.com.au">matt@spectrum.com.au</a> <o:p></o:p></pre>
<pre> Level 6, 350 George Street Sydney 2000<o:p></o:p></pre>
<pre> Spectrum Networks is a member of the Communications Alliance & TIO <o:p></o:p></pre>
<pre>*/<o:p></o:p></pre>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
AusNOG mailing list
<a class="moz-txt-link-abbreviated" href="mailto:AusNOG@lists.ausnog.net">AusNOG@lists.ausnog.net</a>
<a class="moz-txt-link-freetext" href="http://lists.ausnog.net/mailman/listinfo/ausnog">http://lists.ausnog.net/mailman/listinfo/ausnog</a>
</pre>
</blockquote>
<br>
<p><br>
</p>
<pre class="moz-signature" cols="72">--
/* Matt Perkins
Direct 1300 137 379 Spectrum Networks Ptd. Ltd.
Office 1300 133 299 <a class="moz-txt-link-abbreviated" href="mailto:matt@spectrum.com.au">matt@spectrum.com.au</a>
Level 6, 350 George Street Sydney 2000
Spectrum Networks is a member of the Communications Alliance & TIO
*/
</pre>
</body>
</html>