How security chief's bank details leaked
May 16, 2011
Security firm Symantec's Australian chief has revealed how his personal credit card details were leaked by a Melbourne restaurant, which he said highlighted the need for mandatory privacy breach notification laws.
The security chief, Craig Scroggie, told of his experience at a Symantec roundtable discussion in Sydney last week which revealed the average cost of a data breach to Australian companies was $2 million.
He said the government should implement Australian Law Reform Commissioner (ALRC) recommendations requiring companies to notify customers when a data breach has occurred, but raised questions over how it could be enforced.
Such laws would require an organisation to notify individuals if, for example, their username, password or credit card details had been breached by a hacker. The government has been criticised for failing to implement these laws despite sitting on recommendations for them since 2008.
In a phone interview the Home Affairs Minister, Brendan O'Connor, said the government had responded to 197 of the 295 recommendations stemming from the ALRC's privacy law review, which he said was "War and Peace in size".
He said the government would decide soon whether to implement mandatory data breach notification laws and other provisions that would, for instance, give the Australian Privacy Commissioner powers to fine companies for breaches.
"I accept that there is a public expectation that the government is responding to concerns about privacy breaches," Mr O'Connor said, adding the recent Sony PlayStation Network hack showed there was a need for new rules forcing companies to notify customers of breaches in a "timely fashion".
"We are dealing with some very significant issues but I have sought advice to see whether we can engage more quickly on this issue, but even if we were to try to bring forward this matter, it will need significant consultation because this has to be done in partnership with industry," Mr O'Connor said.
Gladiator Security Forum