Australia’s Attorney-General, Nicola Roxon, yesterday introduced a Discussion Paper on Privacy Breach Notification (PDF). The release of the paper almost certainly caused cheers in the vendor community, as The Reg is aware of at least one multinational software company that has made breach notification laws the centrepiece of …
Where's the conundrum?
"Should breaches be reported?"
Yes. Maybe not to the general public, but certainly to the relevant authorities, same as when bank's vaults are breached.
"When should breaches be reported?"
"What constitute a breach?"
The Australian Government has a list of items it considers vital for identifying a person (or vice-versa, for a person to identify themselves to an authority). These include, but are not limited to; name, date of birth, gender, residential address, passport number, driver's licence number, credit card details, etc...
Any breach in which two or more of these pieces of data could have been revealed need to be reported.
End of story. If companies are suddenly saddled with the care-and-upkeep of the data they collect under pain of a Federal indictment maybe they would then (a) take more care with the data they collect and (b) review whether or not they actually need to collect that data compared to the legal hassle of having to protect it.
She is completely out of her depth as AG. Mind you she would be out of her depth if she were a conveyancing paralegal I suspect.
This just her attempt to try and divert attention away from the complete fiasco she has created with the Ashby case.
Can we have an election please?
- Hi-torque tank engines: EXTREME car hacking with The Register
- Review What's MISSING on Amazon Fire Phone... and why it WON'T set the world alight
- Product round-up Trousers down for six of the best affordable Androids
- Antique Code Show World of Warcraft then and now: From Orcs and Humans to Warlords of Draenor
- Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...