Can Australia survive a UK style data breach?
By
Negar Salek
26 November 2007 01:44PM
Tags:
data | leakage | data | security | hmrc | security | breach | ip | security | computer | security | prvicay | commissioner
Australia’s Privacy Commissioner Karen Curtis has warned local government agencies and businesses to adhere closely to the Privacy Act in order to avoid a disastrous UK style data breach.
Curtis said Government Agencies and private sector organisations should regularly review the security and storage standards they have in place to ensure that they meet the appropriate standards to protect the personal information they hold.
"The Privacy Act requires Australian government and ACT government agencies, as well as many private sector organisations, to ensure that personal information is stored securely, collected and used appropriately,” said Curtis.
“As a consequence, adherence to the Privacy Act should help to mitigate the likelihood of events similar to those in the UK occurring here."
Dubbed ‘UK’s worse ever data breach’, reports surfaced last week that UK government’s HM Revenue and Customs department, responsible for collecting the bulk of tax revenue as well as paying Tax Credits and Child Benefits, lost two CDs containing confidential information including banking details of over 25 million child benefit recipients.
Calls to implement stricter security controls in the UK have emerged in light of the incident, adding pressure on agencies and company directors.
Curtis urged Australians to ensure that they have the appropriate security standards in place to prevent breaches occurring which could have dire consequences for the parties involved.
"Breaches, such as this one, can result in a significant loss of community or consumer trust, which can have a dramatic impact on the effectiveness of a government agency or the 'bottom line' of an organisation," she said.
On a positive note, Raimund Genes, CTO at Trend Micro said that from his experience, Australians are far more security conscious - especially in regards to banking data - than individuals in UK.
“I just have to ask a few individuals just two or three questions and I get the security mindset of a country. I asked some people if they do online banking, are they concerned about security and whether or not their bank provides two factor authentication or smart tokens?" he said.
The results, many Australians do online banking and most are concerned about the security implications of their activities. Whereas, in the UK, he found that many individuals do online banking but are less security concerned and chose ease of use over authentication technologies.
"Just based on this method, which I do everywhere, I would say that Australia is in the medium range, most businesses in Australia are required to use two-factor authentication," Genes said.
However, he warned it was not easy to tell how well a government was doing in terms of security due to the global nature of the Internet.