Privacy guidelines not enough to prevent data breaches: Law lecturer
- 08 August, 2011 12:45
- Comments
To prevent online privacy breaches Australia needs a privacy watchdog rather than merely guidelines, a law lecturer has argued.
In an article at Thecoversation.edu.au University of Canberra law lecturer, Bruce Arnold, argues the high number of data leaks happening in Australia and overseas shows that the government must step up and move beyond privacy guidelines.
“Australia needs a privacy watchdog that is quick to act, a watchdog that, like its overseas counterparts in the UK and US, is equipped with the sort of financial penalties that get the attention of executives,” Arnold wrote.
“Shaming is not enough: where there is improper sharing we need real punishment to stop future problems.”
Using the example of the South Australia-based paternity and drug-testing laboratory, Medvet which last month experienced an online software error that caused the details of 800 patients’ delivery addresses to be visible online, Arnold claimed such organisations must take their privacy responsibilities more seriously.
“The incident shows we need stronger privacy law and meaningful enforcement,” Arnold wrote. “We also need a cultural change, whereby institutions regard themselves as data custodians rather than data owners and therefore take their responsibilities more seriously.”
Arnold agreed with Clearswift’s Phil Vasic that the Sony hacks showed the need for data breach laws needing to be changed.
“Medvet has been unfortunate but there is no reason to believe that such a breach is exceptional,” Arnold wrote. “Other organisations – including universities, government agencies and multinational corporations with the very best information technology money can buy – have experienced unwanted exposure of “their” data, i.e. information about you, me and the people next door.”
Follow Lisa Banks on Twitter: @CapricaStar
Follow Computerworld Australia on Twitter: @ComputerworldAu
Related Articles
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- Bookmark this page
- Share this article
- Got more on this story? Email CIO
- Follow CIO on twitter
-
Spiceworks' free management software gets integrated MDM
-
Opinion: Why national e-health is not for everyone
-
Opinion: Why national e-health is not for everyone
-
Opinion: Why national e-health is not for everyone
-
Opinion: Why national e-health is not for everyone
-
Managing the Rapid Rise in Database Growth: 2011 IOUG Survey on Database Manageability
As the era of “Big Data” marches on unabated, data is coming from an ever wider range of sources, including transactional systems, mobile devices, sensors, streaming media, and social networks. Businesses are looking for innovative ways to better leverage terabytes—and for some, petabytes—of information. Read more. -
New Demands for Real-time Threat Management
Many organisations are evaluating a new security model based upon IT risk management best practices. This is a good idea, but not enough for today’s dynamic and malevolent threat landscape. To keep up with IT changes and external threats, large organisations need to embrace two new security practices: real-time risk management for day-to-day security adjustments and real-time threat management to detect and remediate sophisticated, stealthy, and damaging security breaches (i.e., advanced persistent threats, or APTs). Learn more. -
Advanced Persistent Threats and Real-Time Threat Management
Businesses face a constantly evolving threat landscape. One of the greatest challenges is presented by advanced persistent threats (APTs), which are sophisticated, multi‐faceted attacks targeting a particular organisation. Mitigating the risk of APTs requires advances beyond traditional layered security to include real‐time threat management. This whitepaper describes the nature of APTs, the risks they pose to businesses, and techniques for blocking, detecting, and containing APTs and other emerging threats. Read now.
Get exclusive access to Invitation only events CIO, reports & analysis. 
