[AusNOG] Mandatory data breach notification will become law in Australia

Paul Wilkins paulwilkins369 at gmail.com
Tue Feb 28 12:41:04 EST 2017


Up until March 2016 you could be fully PCI compliant while managing all
your devices through telnet, so...

Kind regards

Paul Wilkins

On 28 February 2017 at 12:03, Mark Newton <newton at atdot.dotat.org> wrote:

>
> On Feb 28, 2017, at 11:52 AM, Morgan Reed <morgan at darkglade.com> wrote:
>
> PCI and the like helps, but that only applies to specific parts of the
> market, there are still plenty of players out there who have enough PII
> about people to allow their ID to be stolen.
>
>
> Target was PCI compliant.
>
> Catchoftheday was PCI compliant, nobody found out about their data
> breaches until three years later.
>
> PCI compliance doesn’t help at all. It’s orthogonal to this problem space,
> it protects credit card issuers, not users. The only thing it tries to
> protect is transaction records, and even then it only protects them to the
> extent necessary to avoid *en masse* disclosure of (name, credit card,
> expiry, CVV) tuples.
>
> Mandatory breach notification will at least mean that you KNOW your info
> was stolen, so you can do something about it, versus finding out three to
> six months down the line when you start getting calls from debt collectors
> chasing you for payments on the half-dozen or more credit cards that have
> been signed up in your name and then maxed out.
>
>
> Yep, this.
>
> If you’re a small or large org, and I’m your customer, and you don’t
> secure MY data, you can go and die in a goddamn fire. I don’t care how much
> it affects your profitability, if I’ve disclosed valuable personal
> information to you, you have a responsibility to do whatever it takes to
> deserve my trust.
>
> If you’re upset because your products or business practices are so
> hopelessly insecure that adequately discharging that responsibility makes
> you unprofitable, then cry me a river. You shouldn’t be in business.
>
>
>   - mark