[LINK] Super fund security breach lands good Samaritan in hot water

Marghanita da Cruz marghanita at ramin.com.au
Wed Oct 19 09:16:49 AEDT 2011

Jan Whitaker wrote:
> Super bad: First State set police on man who showed them how 770,000 
> accounts could be ripped off
> http://www.theage.com.au/it-pro/security-it/super-bad-first-state-set-police-on-man-who-showed-them-how--770000-accounts-could-be-ripped-off-20111018-1lvx1.html
>  From the article:
> Asked whether the legal letter was heavy-handed given that Webster 
> could have just as easily released the vulnerability to the hacking 
> community, Dwyer said First State Super approached police as a matter 
> of course when there was a privacy breach. [PRIVACY breach? This was 
> a security breach. They report to the police, which is good, but 
> makes me wonder if this is standard practice.]
It is the Privacy laws that may have been breached - there isn't a general
security law.

This topic, not the specific example, came up at yesterday's Connecting
with Confidence public discussion paper forum. I suggested, what is
needed is an equivalent of the Responsible Serving of Alcohol RSA
Certificate - a Responsible Collection of Data certificate. With an
obligation to ensure directors/office bearers are aware of their

Tom blogged event here:

Marghanita da Cruz
Tel: 0414-869202

More information about the Link mailing list