Shostack + Friends Blog Archive

 

Hmmm…Breach Notification…Australia…

So there’s an article in ZDNet Australia, “Establish a strategy for security breach notification.” All well and good, but Australia doesn’t have a breach notice law. (As far as I know.)

So all you ‘new normal’ skeptics, who don’t believe me that standards are changing ahead of laws…why did a competent journalist writing for an editor at a respectable Australian publication say:

When a data breach occurs, you obviously need to notify those affected. You definitely do not want to tell people that someone accessed their personal information in an e-mail. Users could easily mistake such an e-mail as a phishing attempt and delete it without reading it. (Emphasis added.)

[Updated: The article was picked up from TechRepublic–I think the point stands, but not as strongly.]

2 comments on "Hmmm…Breach Notification…Australia…"

  • Long Time Reader, First Time Caller says:

    I am sorry to say, but the author of that article is not ‘a competent journalist writing for a respectable Australian publication’ (there are so many things wrong in that quote, but we’ll focus on the author).
    The article is lifted from TechRepublic, hence the article’s header and footer, and reads just like every other column filler puff piece about breaches to have come out over the last couple of years – short on specifics, long on generalities. The resources suggested in the article are useless from an Australian perspective, being focussed almost exclusively on the US.
    As a new commenter, it’s not that I don’t believe you because I think laws predate standards (which I don’t believe). I don’t believe you – because you failed to comprehend the article.

  • Adam says:

    Fair enough, but why did ZDnet.au pick it up and run with it?
