[LINK] Super fund security breach lands good Samaritan in hot water

Marghanita da Cruz marghanita at ramin.com.au
Wed Oct 19 09:16:49 EST 2011


Jan Whitaker wrote:
> Super bad: First State set police on man who showed them how 770,000 
> accounts could be ripped off
> http://www.theage.com.au/it-pro/security-it/super-bad-first-state-set-police-on-man-who-showed-them-how--770000-accounts-could-be-ripped-off-20111018-1lvx1.html
> 
>  From the article:
> Asked whether the legal letter was heavy-handed given that Webster 
> could have just as easily released the vulnerability to the hacking 
> community, Dwyer said First State Super approached police as a matter 
> of course when there was a privacy breach. [PRIVACY breach? This was 
> a security breach. They report to the police, which is good, but 
> makes me wonder if this is standard practice.]
<snip>
It is the Privacy laws that may have been breached - there isn't a general
security law.

This topic, not the specific example, came up at yesterday's Connecting
with Confidence public discussion paper forum. I suggested, what is
needed is an equivalent of the Responsible Serving of Alcohol RSA
Certificate - a Responsible Collection of Data certificate. With an
obligation to ensure directors/office bearers are aware of their
responsibilities.

Tom blogged event here:
<http://blog.tomw.net.au/2011/10/protecting-canberra-from-cyberattack.html>

Marghanita
-- 
Marghanita da Cruz
http://ramin.com.au
Tel: 0414-869202





More information about the Link mailing list