[AusNOG] Effect of Data Retention regime on smaller ISPs

[Justin Clacherty]

On 3/03/2015 5:08 pm, Skeeve Stevens wrote:
> As soon as we actually know what we're supposed to be doing, I will be
> doing my best to put something together for the smaller ISPs to help
> them deal with this... we just need to know what the requirements will
> be...  what will be collected, what needs to be summarised, if it
> needs to be encrypted, and how it needs to be stored.
The current data set is one of the appendices to the PJCIS report, you
can have a look at it there (I know you have now, just making sure
others know).

Encryption is one of the recommendations of the PJCIS which will
apparently be taken up. Of course the PJCIS fail to realise that
"encrypt all the things" isn't the be and end all of information
security. The data will still be wide open to those with the appropriate
skill.

There is no indication of how it is to be stored (other than encrypted
"where possible"), or in what way the data should be made available.
It's completely up to individual organisations to decide that for now.
Their liability in the event that it is not done properly is unclear.
There is however a recommendation to have legislation on mandatory data
breach disclosure enacted by EOY.

Justin.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20150304/1072e59d/attachment.html>