Business expects data retention will hit their bottom lines: survey
A great big new tax on everything, a python squeeze, a wrecking ball ...
Risk management outfit Protiviti says Australian businesses are fearful that the government's proposed metadata retention scheme is going to cost them.
The government is in the throes of considering a two-year retention regime for Australian telecommunications carriers and ISPs. While the Parliamentary Joint Committee on Intelligence and Security has recommended that a metadata retention regime be written into Australia's national security legislation, the debate has been surrounded by confusion over what will be retained under the regime.
Protiviti's research finds that while 64 per cent of businesses broadly support the implementation of a regime, 62 per cent of respondents to its survey believe that retaining more data for longer will create security risks. To protect the honeypot of personal data, 87 per cent of businesses said specific security standards will need to be mandated for the companies hosting it.
A data retention regime would also make some managers and executives re-think their attitude to the cloud, with 22 per cent expressing concern at having ISPs or telcos protect their business data. Instead, the study says, businesses would take a look at implementing their own encryption regimes for data protection.
With all of this in mind, it's no surprise that the survey also found some respondents expect that a data retention regime will add to their costs – and not only through the likelihood that the telco sector will pass on its direct costs to them.
While 61 per cent expect service providers to pass on their costs, the respondents were pretty evenly split in their attitude to this: 42 per cent said they could accept the extra costs, and 47 per cent were unhappy at the prospect. Better data security and the associated business process changes were cited by 32 per cent of respondents as likely to add to their costs.
The respondents were much more receptive to the idea of mandatory data breach reporting, with 89 per cent in favour of such a regime. ®