Sony strengthens case for data breach law

Regulations that will force Australian organisations to disclose whenever customers' data has been stolen may be one step closer, following the disastrous hacking of Sony's PlayStation Network (PSN).

In a statement issued yesterday, Minister for Justice, Home Affairs, Privacy and Freedom of Information Brendan O'Connor said that such a system "appears necessary" in the face of privacy breaches "such as those we've unfortunately seen recently".

The Australian security industry has been debating the need for such a system for some time. Under current law, many security breaches are kept quiet, despite potentially damaging consequences for those who have had their information stolen. The PlayStation case, which resulted in extensive downtime for the online gaming network following a virtual break-in and the theft of customer information, could affect up to 1.5 million Australians.

At the heart of the changing legislative path is the Federal Government's pending response to the Australian Law Reform Commission's review of Australian privacy law. Dubbed "For Your Information — Australian Privacy Law and Practice", the report was released in August 2008 and contained a strong recommendation that Australia introduce data breach disclosure laws.

However, at the time, Special Minister of State, Senator John Faulkner, told journalists that it was likely to be at least 18 months before the government would consider legislating for mandatory data breach laws. This week, O'Connor wouldn't give a firm commitment as to when the government would respond to the mandatory data breach recommendation in the ALRC report.

"The government will consider its response to the remaining 98 recommendations of the ALRC review into privacy, including a proposal to require companies to inform customers of a data breach," he said. However, the Minister noted that he is "very concerned" about the alleged theft of personal data belonging to customers who have PlayStation Network accounts.

"I've raised the issue with the Privacy Commissioner," he said. "The Privacy Commissioner has the power to investigate potential breaches of privacy, and may do so in response to a complaint or of his own volition. I understand the Privacy Commissioner has made enquiries with Sony, and will be opening an 'own motion' investigation. I don't want to interfere with that, but it is very disappointing to me that it took Sony several days to inform its customers about the breach."

In addition, the minister said, Sony isn't alone in its problems.

"We've seen serious privacy-related incidents in recent months involving other large companies. All companies that collect customers' personal information must ensure that the information is safe and secure from misuse," he said.

Topics: Government, Government AU, Security

Talkback

2 comments
  • It is clear that the Labor Government will action things when it is in crisis mode.

    That said, I call on all the hackers to hack into a significant system and purposely steal customer data so the government can finally realise the situation.

    History shows, it's not that hard.
    Start with hacking PayPal or Skype perhaps?
    cootified
  • Data breaches equate to theft. Theft is a crime. Crimes are to be reported. Therefore, businesses must disclose criminal activities to law enforcement and notify those individuals who have had their private data compromised.

    What value is the Privacy Act if the illegal disclosure of private data is kept a secret?
    Scott W-ef9ad