Australia to Impose Penalties on Firms 'Lacking Data Security'
By Kalyan Kumar | July 1, 2014 12:55 PM EST
Australia will be setting tougher measures for all violators of data protection, especially those related to personal data security.
Privacy Commissioner Timothy Pilgrim has announced he will take a serious view of any business failing to protect personal data. He is now armed with the legal teeth of the privacy law, effective March 2014, to take stringent action and punish offenders.
The security issues took a serious turn after the data breach in 2013 at the Australian dating site of Cupid Media Pty Ltd. That opened the can of worms on data security.
Pilgrim publicly said Cupid's information security practices were seen deemed by the provisions of the new Privacy Act in force.
Cupid's story is one of unpatched vulnerabilities and a compromised customer database, with personal data stolen and made public. The names, dates of birth, email addresses and passwords of 2,000,000 plus active Australian customers were exposed.
The commissioner observed that password encryption strategies were already available to all firms. They include safeguard measures like hashing and salting, and could have been used by Cupid to prevent unauthorized access to user accounts. There was an abject failure to take simple and effective steps and to abide by the reasonable security steps required by the privacy law.
If Cupid's data breach had occurred after March 12, the day Australia's privacy law came into force, the law would have given the privacy commissioner the teeth to impose huge financial penalties on the offending firm. Although Cupid escaped the penalty, the commissioner asked the company to behave and follow a collaborative approach by working with the Office of the Australian Information Commissioner to avoid a recurrence of such incidents.
The incident was a timely reminder that personal data is much more explosive than financial data. Pilgrim's serious warning is a reminder that the non-technical managers of online businesses will have to stay alert and be proactive with their technical staff.
Verizon Remedy Initiative
With data breaches making news, the Verizon 2014 Data Breach Investigations Report finds that two-thirds of breaches involve lost or stolen user credentials. But businesses can offset the risk by using a single credential for both the physical and virtual worlds. Verizon will shortly be offering a new service called Smart Credential, usable as a single trusted identity to connect the online and physical worlds.