[AusNOG] Mandatory data breach notification will become law in Australia

Paul Wilkins paulwilkins369 at gmail.com
Tue Feb 28 00:10:20 EST 2017


Superficially it seems that this is a step in the right direction - that we
can't expect to see meaningful improvements to the security of systems and
networks without a measure of the extent of security violations.

On the other, I don't see where reporting will necessarily lead to
meaningful change. Even the preamble to the Act cites rising levels of
security breaches as justification. But if one adopts a more
realistic(fatalistic) view of the security horizon, where everyone knows
that security on the internet is basically a broken concept, then we are
measuring something that can't be changed, the rate of security breaches
will only continue to rise, while the government Canute like commands the
rising tide to recede when it shows no inclination to acquiesce to the
request.

There is a real risk that the powers within the act are going to be used to
little effect other than as a rod with which to flog a dead horse for the
edification of the electorate.

Kind regards

Paul Wilkins

On 27 February 2017 at 18:23, Chris Legg <cdlegg at iinet.net.au> wrote:

> Copied from another source:
>
>
> Australia will have a mandatory data breach notification scheme in place
> within the year after several aborted attempts, following the passage of
> legislation through the senate on Feb 13th.
>
> http://www.theaustralian.com.au/business/technology/data-bre
> ach-scheme-to-become-law/news-story/8c2765681201c0d1c58ece2ebc3022c5
>
> This ruling applies to all government entities and organizations with a
> turnover greater than $3 million a year. Entities with turnover of less
> than $3 million a year fall outside the legislation.
>
> The newly passed law means organizations that determine they have been
> breached or have lost data will need to report the incident to the Privacy
> Commissioner and notify affected customers as soon as they become aware of
> a breach.
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20170228/a75b0d45/attachment.html>


More information about the AusNOG mailing list