We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
 
75,052 News Articles

Sony hacks show need for data breach disclosure laws

The repeated hacking of Sony's PlayStation Network hack has demonstrated the need for Australia to adopt mandatory data breach disclosure laws, a local security director has claimed.

While the PlayStation Network was back up and running for Australian users today, director of Clearswift, Phil Vasic, said mandatory disclosure laws would help prevent similar security issues from arising again.

"I think we need some kind of law in regards to mandatory disclosure," he said. "...but the question on fines really needs to be decided via the Privacy Act."

Vasic said disclosure laws have driven US companies to achieve best practice outcomes, and that such legislation in Australia could have a positive impact in reducing the number of cyber attacks and prevent the privacy act from continuing to be a toothless tiger.

"The onus locally has been really for the government to somehow become more responsible with mandatory disclosure laws," Vasic said. "The US has had those for a while now and that's helped from a customer perspective and drives the right kind of best practice behaviour.

"The privacy act would help if it was taken a step further...it's a bit of a toothless tiger...we do have pretty good regulatory guidelines...but I think certainly this would take it a step further and drive best practice."

While last week's Privacy Awareness Week was a positive step by the government, Vasic said politicians need to lift their game through legislation.

"We continue to get that message out there locally that there needs to be more done," Vasic said. "Privacy acts have changed somewhat over the years, but no other body has really stepped up to enforce it.

"...Inevitably we're going to have to look at disclosure laws in and around that."

Sony's decision to hire its first chief security officer after the attacks gave insight into the security priorities of the company Vasic said.

"One of the key things from Sony is that they've just announced they have a Chief Security Officer," he said. "This is a little bit concerning given that they do millions of dollars of business over the internet."

To recover from the impact of the past few months, Vasic recommended that Sony should go back to basics, ensuring that they create an easy to understand privacy policy for both internal staff and external customers.

"Reputation has become such a big issue. Sony have recognised the damage it has done to them," he said.

"...I think its back to the fundamentals so Sony has a policy everyone understands both internally and externally and appropriate to the situation."

Electronic Frontiers Australia this weekhighlighted the need to strengthen the privacy act, by making information held by a company available to end user.

Follow Lisa Banks on Twitter: @CapricaStar

Follow Computerworld Australia on Twitter: @ComputerworldAu


IDG UK Sites

Samsung Galaxy Note 4 release date, price and specs 2014

IDG UK Sites

iOS 8 features wishlist: the changes iPhone and iPad users want in Apple's iOS 8

IDG UK Sites

25 Years of the World Wide Web: Happy Birthday, Intenet

IDG UK Sites

Developers get access to more Sony camera features