Mandatory data loss laws could curb security breaches

Releasing Symantec's 2009 Global Small and Mid-sized Business (SMB) Security and Storage survey in Australia and New Zealand today, executives for the security vendor said security breaches included instances where information has been subject to unauthorised access, often where the data is lost, stolen, or hacked. 

Steve Martin, SMB director at Symantec told iTnews that, by contrast, only 29 per cent of companies in the US and 27 per cent of SMBs in Canada experienced breaches.

"There are a couple of reasons for those differences," he said.

"Some of these companies don't have their own IT staff therefore they don't have the knowledge or skills to keep their security up-to-date.

"Also, companies in the US are governed by data mandatory disclosure law, which is in place in several states across the country."

Martin said the law required an organisation to inform their customers of any loss of their personal information.

The law gave organisations a myopic view on IT security and forced organisations to invest in the right protection.

However in Australia there are no such mandatory disclosures and therefore data protection isn't in the forefront of an SMB's mind.

"The current privacy laws in this region were written 23 years ago by Justice Michael Kirby when there was no Internet or mobile phone," he said. "The Australian Law Reform Commission is looking at some three hundred changes to local privacy laws, which includes data disclosure. The proposed changes are currently with Senator John Faulkner and there should be results by the end of this year, so organisations can move forward."

Symantec 2009 Global SMB Security and Storage Survey drew responses from 1,425 small and medium businesses in 17 countries with 100 responses from Australia (50) and New Zealand (50). The size of companies of respondents ranged from 10 to 500 employees.