Feeds

Australian Privacy Act feels revamp pressure

Sony breaches may force hand

Internet Security Threat Report 2014

The Australian government may consider expediting significant reforms to the Privacy Act as a result of the Sony data breaches.

The Australian Privacy Commissioner, Timothy Pilgrim has already opened an investigation into the Sony Playstation Network security breach where 77 million users of the network have had their personal data compromised. Pilgrim issued an additional statement in response to the subsequent news this week relating to a breach relating to Sony Online Entertainment in which an additional 24.6 million users including 12,700 non-US customer credit or debit card numbers had been affected.

In what is essentially a pro-forma response from the office, Pilgrim has “have asked SOE for information about this incident," and promised an "own motion investigation" of the attack (that is, an investigation launched without waiting for specific complaints to arrive at the office).

"This latest incident is extremely worrying," said Pilgrim. "I am particularly concerned that it involves information stored on an out of date database.

"It reinforces my view that organisations need to consider further limiting the amount of information they collect and store about people. They should also make sure that information is destroyed when it is no longer needed as is required under the Privacy Act,” Pilgrim said.

While the commissioner has asked what information was compromised and what network security was in place at the time of the breach, he has not asked Sony to explain what vulnerabilities were exploited, nor to detail what new security measures it might apply to defend against future attacks.

There is currently no mandatory data breach notification obligation in Australia. The Australian Law Reform Commission recommended that consideration should also be given to the introduction of mandatory data breach notification laws.

Pilgrim said that there are a number of significant reforms to the Privacy Act currently being considered by the government including increased powers for the Commissioner to impose penalties following an own motion investigation, such as enforceable undertakings and civil penalties for serious breaches of privacy. ®

Beginner's guide to SSL certificates

More from The Register

next story
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.