[LINK] Super fund security breach lands good Samaritan in hot water
Marghanita da Cruz
marghanita at ramin.com.au
Wed Oct 19 09:16:49 AEDT 2011
Jan Whitaker wrote:
> Super bad: First State set police on man who showed them how 770,000
> accounts could be ripped off
> http://www.theage.com.au/it-pro/security-it/super-bad-first-state-set-police-on-man-who-showed-them-how--770000-accounts-could-be-ripped-off-20111018-1lvx1.html
>
> From the article:
> Asked whether the legal letter was heavy-handed given that Webster
> could have just as easily released the vulnerability to the hacking
> community, Dwyer said First State Super approached police as a matter
> of course when there was a privacy breach. [PRIVACY breach? This was
> a security breach. They report to the police, which is good, but
> makes me wonder if this is standard practice.]
<snip>
It is the Privacy laws that may have been breached - there isn't a general
security law.
This topic, not the specific example, came up at yesterday's Connecting
with Confidence public discussion paper forum. I suggested that what is
needed is an equivalent of the Responsible Serving of Alcohol (RSA)
Certificate - a Responsible Collection of Data certificate, with an
obligation to ensure directors/office bearers are aware of their
responsibilities.
Tom blogged the event here:
<http://blog.tomw.net.au/2011/10/protecting-canberra-from-cyberattack.html>
Marghanita
--
Marghanita da Cruz
http://ramin.com.au
Tel: 0414-869202