[AusNOG] Mandatory data breach notification will become law in Australia
r at js8.me
Tue Feb 28 10:35:20 EST 2017
The infosec reality is that organisations big and small are frequently
failing to take basic steps to protect data they have been entrusted
with by their customers.
> All this will provide is more reporting and more red tape.
The only reporting this creates is if you have a data breach. While
an honest business would have reported it anyway, a less-scrupulous
one might try and sweep it under the rug. Now there are real
penalties for doing so.
> However, we’re a long way from that being a reasonable requirement
> of every business, not until the general public and business folk
> are more educated around IT and perhaps even infosec can this be
> reasonably expected.
A legislative mandate might not be the ideal tool for this, but infosec
people have been talking about the problem for years and things have
only been getting worse. Will it be enough by itself? Probably not, but
it's a first push in the right direction.
-Richard
On Tue, 28 Feb 2017, at 09:17 AM, Matt Perkins wrote:
> The commercial reality is that if you are compliant with a whole
> host of standards and have good insurance and are complying with the
> terms of that insurance, you're likely already doing everything the law
> requires anyway, and Medical/Financial people won't deal with you unless
> you can prove that.
>
> All this will provide is more reporting and more red tape.
>
> Matt.
>
>
>
> On 28/2/17 10:02 am, Matt Smee wrote:
>> “Why can these things not be decided on profit.”
>> I agree.
>>
>> All organisations should have to comply with this law - regardless of
>> their profits. If my financial, medical and/or personal data is being
>> held by BigCorpX or LittleLocalY it doesn’t matter to me, the
>> citizen, what their profits are - the outcome if that data is
>> mishandled or stolen is the same either way.
>> However, we’re a long way from that being a reasonable requirement of
>> every business, not until the general public and business folk are
>> more educated around IT and perhaps even infosec can this be
>> reasonably expected.
>>
>> “There's a lot of small operators that collect 3 million and then
>> turn over the bulk of that AAPT/Telstra/Optus/Vocus.”
>> Correct me if I’m wrong, but that doesn’t sound like profit but more
>> like an expense/cost of operations.
>> Cheers,
>> Matt.
>>
>> From: AusNOG <ausnog-bounces at lists.ausnog.net> on behalf of Matt Perkins <matt at spectrum.com.au>
>> Date: Tuesday, 28 February 2017 at 9:42 am
>> To: Robert Hudson <hudrob at gmail.com>
>> Cc: "ausnog at lists.ausnog.net" <ausnog at lists.ausnog.net>
>> Subject: Re: [AusNOG] Mandatory data breach notification will become law in Australia
>>
>> I'm suggesting that more and more government regulation does but one
>> thing: push small guys out of the market. It won't just be a reporting
>> requirement but there will be forms, reports, reporting officers, etc.
>> It's not the reporting requirement I have a problem with, it's
>> all the red tape that's going to go with it.
>>
>> The government needs to learn that 3 million turnover is not a large
>> business. Why can these things not be decided on profit? There's a
>> lot of small operators that collect 3 million and then turn over the
>> bulk of that to AAPT/Telstra/Optus/Vocus.
>>
>> Yet the government treats them like AAPT/Telstra/Optus/Vocus.
>>
>>
>> On 28/2/17 7:22 am, Robert Hudson wrote:
>>> Hi Matt,
>>>
>>> Are you suggesting that you believe that this change is just more
>>> "red tape", rather than a win for the individual with regards to
>>> knowing if their PII may have, for whatever reason, fallen into the
>>> wrong hands, and may be used for less-than-satisfactory (from the
>>> perspective of said individual) purposes?
>>>
>>> If you feel that adequately protecting and reporting on loss of PII
>>> belonging to other individuals is an onerous task that you shouldn't
>>> need to be part of, you could always not collect/store PII. Less red
>>> tape that way!
>>>
>>> Regards,
>>>
>>> Robert
>>>
>>>
>>> On 27 Feb 2017 10:20 PM, "Matt Perkins" <matt at spectrum.com.au>
>>> wrote:
>>>> Didn't they say this was the government that would slash red tape?
>>>>
>>>> Matt
>>>>
>>>>
>>>>
>>>> --
>>>> /* Matt Perkins Direct 1300 137 379 Spectrum Networks
>>>> Ptd. Ltd. Office 1300 133 299 matt at spectrum.com.au
>>>> Fax 1300 133 255 Level 6, 350 George Street Sydney 2000
>>>> SIP 1300137379 at sip.spectrum.com.au Google Talk
>>>> MattAPerkins at gmail.com PGP/GNUPG Public Key can be found at
>>>> http://pgp.mit.edu */
>>>>
>>>> > On 27 Feb 2017, at 6:23 pm, Chris Legg <cdlegg at iinet.net.au>
>>>> > wrote:
>>>> >
>>>> > Copied from another source:
>>>> >
>>>> >
>>>> > Australia will have a mandatory data breach notification scheme
>>>> > in place within the year after several aborted attempts,
>>>> > following the passage of legislation through the senate on Feb
>>>> > 13th.
>>>> >
>>>> > http://www.theaustralian.com.au/business/technology/data-breach-scheme-to-become-law/news-story/8c2765681201c0d1c58ece2ebc3022c5
>>>> >
>>>> > This ruling applies to all government entities and organizations
>>>> > with a turnover greater than $3 million a year. Entities with
>>>> > turnover of less than $3 million a year fall outside the
>>>> > legislation.
>>>> >
>>>> > The newly passed law means organizations that determine they
>>>> > have been breached or have lost data will need to report the
>>>> > incident to the Privacy Commissioner and notify affected
>>>> > customers as soon as they become aware of a breach.
>>>> > _______________________________________________
>>>> > AusNOG mailing list AusNOG at lists.ausnog.net
>>>> > http://lists.ausnog.net/mailman/listinfo/ausnog
>>>>
>>>
>>
>>
>> --
>> /* Matt Perkins Direct 1300 137 379 Spectrum Networks
>> Ptd. Ltd. Office 1300 133 299 matt at spectrum.com.au
>> Level 6, 350 George Street Sydney 2000 Spectrum Networks is a
>> member of the Communications Alliance & TIO */
>>
>>
>>
>
>
> -- /* Matt Perkins Direct 1300 137 379 Spectrum Networks Ptd.
> Ltd. Office 1300 133 299 matt at spectrum.com.au Level 6, 350
> George Street Sydney 2000 Spectrum Networks is a member of the
> Communications Alliance & TIO */
>