Privacy Commissioner issues voluntary data breach guide
The Australian Privacy Commissioner, Karen Curtis, has released a "Guide to Handling Personal Information Security Breaches" (pdf). It is a voluntary guide for use by businesses, agencies and non-government organisations in preventing and, if necessary, responding to a data breach.
The Guide includes four key steps to consider when responding to a breach:
Step 1: Contain the breach and do a preliminary assessment
Step 2: Evaluate the risks associated with the breach (risk analysis is on a case-by-case basis: not all breaches necessarily warrant notification).
Step 3: Consider notification
Step 4: Prevent future breaches.
With regard to Step 3, the Guide suggests that individuals affected by a breach should only be notified where a breach creates a real risk of serious harm to the individuals. This is consistent with the recent ALRC report recommendation.
The Guide incorporates illustrative examples to assist with decisions such as whether notification is an appropriate response.
TJ Maxx, Seisint settle federal data breach charges
TJX, the parent company of retailers T.J. Maxx and Marshalls, and data brokers Reed Elsevier and Seisint reached settlements with the Federal Trade Commission last week in two unrelated data breach cases...
Australia's data breach stats prove nothing
The IT security writer for ZDNet Australia has a bone to pick with the Federal Privacy Commissioner about the lack of information on breaches of security of personal information in the public and private sector, in this article with the catchy title "Why I hate the Privacy Commissioner's office". He's got a point: as long as there is no obligation to report significant data breaches, or notify those who may be affected, we will remain in the dark about theft or misuse of personal information...
Privacy Commissioner tables annual PIPEDA report
The Privacy Commissioner of Canada tabled her annual report to Parliament on the Personal Information Protection and Electronic Documents Act for 2007 on June 3, 2008. The report is here: Annual Report to Parliament 2007 Report on the Personal Information Protection and Electronic Documents Act - Privacy Commissioner of Canada...
Justice Breyer's Information Available on Limewire
It does not take much to have a security breach. Just one person can facilitate it. In this case, someone at a high-end investment firm installed LimeWire at the office. According to AP, the breach began at the end of last year and continued to June of this year...