Feeds

Australian Privacy Act feels revamp pressure

Sony breaches may force hand

Choosing a cloud hosting partner with confidence

The Australian government may consider expediting significant reforms to the Privacy Act as a result of the Sony data breaches.

The Australian Privacy Commissioner, Timothy Pilgrim has already opened an investigation into the Sony Playstation Network security breach where 77 million users of the network have had their personal data compromised. Pilgrim issued an additional statement in response to the subsequent news this week relating to a breach relating to Sony Online Entertainment in which an additional 24.6 million users including 12,700 non-US customer credit or debit card numbers had been affected.

In what is essentially a pro-forma response from the office, Pilgrim has “have asked SOE for information about this incident," and promised an "own motion investigation" of the attack (that is, an investigation launched without waiting for specific complaints to arrive at the office).

"This latest incident is extremely worrying," said Pilgrim. "I am particularly concerned that it involves information stored on an out of date database.

"It reinforces my view that organisations need to consider further limiting the amount of information they collect and store about people. They should also make sure that information is destroyed when it is no longer needed as is required under the Privacy Act,” Pilgrim said.

While the commissioner has asked what information was compromised and what network security was in place at the time of the breach, he has not asked Sony to explain what vulnerabilities were exploited, nor to detail what new security measures it might apply to defend against future attacks.

There is currently no mandatory data breach notification obligation in Australia. The Australian Law Reform Commission recommended that consideration should also be given to the introduction of mandatory data breach notification laws.

Pilgrim said that there are a number of significant reforms to the Privacy Act currently being considered by the government including increased powers for the Commissioner to impose penalties following an own motion investigation, such as enforceable undertakings and civil penalties for serious breaches of privacy. ®

Beginner's guide to SSL certificates

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.