Labor to reconsider mandatory data retention laws for companies in light of major hacks
Labor to reconsider mandatory data retention laws for companies in light of major hacks
New cyber security strategy cites business concerns at having to store large amounts of data for excessive periods of time, increasing breach risk
New cyber security strategy cites business concerns at having to store large amounts of data for excessive periods of time, increasing breach risk
ShockedPikachu
You mean to tell me that storing more data means more data gets exposed during a breach‽ How could anyone have predicted this‽
Oh wait. Everyone in the industry said as much before the law was passed. 🙄
Remember how the entire telco/IT industry recommended a full fibre broadband network, but the LNP said they could do it faster, better, cheaper... and are currently doing it twice for thrice the price? Yeah... Tell me again why anyone trusts politicians?
From 8 years ago when Labor helped pass the laws: https://www.theguardian.com/australia-news/2015/mar/26/mandatory-data-retention-becomes-law-as-coalition-and-labor-combine
Interesting tidbit from Labor (Jacinta Collins): "...We accept that and we take responsibility for that..."
Glad to see they're admitting they're the ones responsible for this mess. Now, how are you going to compensate me for my stolen data?
Exactly what we said would happen in the first place. Libs really fucked us over with their stupid first attempt at data and cyber sec legislation, so misinformed. Almost impressive how firmly they had a grasp of the wrong end of the stick when it comes to data and privacy policies.
Yeah but how are the cops supposed to access our data without a warrant or any form of notice?
Gov: We wanted to have access to the data, so we forced companies to retain it. But we also expected them to keep it secure...
This is the best summary I could come up with:
“Technological advancements have enabled malicious actors to develop vast data profiles on businesses, individuals and officials for intelligence gathering and commercial purposes.”
The strategy points out that businesses have voiced concerns that they are required to store substantial amounts of data for excessive periods of time, making them potentially high-value targets for hacking.
This was something raised in the wake of the Optus and Medibank data breaches, where tens of millions of customer records dating back years were exposed, with some then ending up on the dark web.
Alistair MacGibbon, senior strategy officer at CyberCX, told Guardian Australia a good rule of thumb was that businesses cannot lose or misuse data they do not keep in the first place.
“We need corporations and government to have that view, but that doesn’t mean no information should be collected or retained, including for law enforcement purposes.
MacGibbon said there was a tendency for businesses to misinterpret their collection obligations, and that there was value in reviewing the existing laws to see if they were still fit for purpose.
The original article contains 552 words, the summary contains 176 words. Saved 68%. I'm a bot and I'm open source!
This is only half the problem. The other half is that companies are retaining data they don't need to retain any more, as per the existing laws.
Example: one of my former employers was involved in a data breach last year. I left that place ten years ago. Why do they even still have data of me that could be washed up in such a breach, when as far as I know, they have to legal requirement to retain employment records beyond seven years?
Regulation and legislation needs to potentially reduce the amount and kinds of data companies have to keep for a certain time - but also oblige companies to diligently delete data that are outside of the requirements.