
“I know breaches are occurring, banks don’t tell me when they have breaches, the merchants don’t tell me when they have breaches but I work with a lot of businesses here,” said Mogull.
“Australia is not getting off easy, it’s just hidden. To be honest this is a harsher environment - because of the proximity to some of the Asian economies where a lot of this happens,” said Mogull.
According to Andrew Walls, research director for Gartner Australia, without disclosure laws the consumer is kept in the dark and is not able to make intelligent choices about whom to trust.
Furthermore, without such laws, business leaders do not actually believe that data loss is a problem.
“They do not understand that security is an issue for their firm because they do not see information about data losses hitting the press, getting out in the public discussion groups,” said Walls.
“It’s very important that we establish quality of security practice through breach disclosure as a way of bringing market forces,” said Walls.
Since California passed its disclosure law, SB 1386, in 2003, hundreds of businesses have been forced to advise those affected by a breach.
“I know for a fact that breaches occurred before this law, but they were not public,” said Mogull. “There are no disclosure laws here and we have national privacy principles which are essentially not enforced.”
According to Walls, the Privacy Commissioner, Karen Curtis, has called for the expansion of the Privacy Act to include a requirement for disclosure, and the Australian Democrats are also putting forward an amendment for the Privacy Act to require public disclosure.