Remember how the entire telco/IT industry recommended a full fibre broadband network, but the LNP said they could do it faster, better, cheaper... and are currently doing it twice for thrice the price? Yeah... Tell me again why anyone trusts politicians?
Exactly what we said would happen in the first place. Libs really fucked us over with their stupid first attempt at data and cyber sec legislation, so misinformed. Almost impressive how firmly they had a grasp of the wrong end of the stick when it comes to data and privacy policies.
“Technological advancements have enabled malicious actors to develop vast data profiles on businesses, individuals and officials for intelligence gathering and commercial purposes.”
The strategy points out that businesses have voiced concerns that they are required to store substantial amounts of data for excessive periods of time, making them potentially high-value targets for hacking.
This was something raised in the wake of the Optus and Medibank data breaches, where tens of millions of customer records dating back years were exposed, with some then ending up on the dark web.
Alistair MacGibbon, senior strategy officer at CyberCX, told Guardian Australia a good rule of thumb was that businesses cannot lose or misuse data they do not keep in the first place.
“We need corporations and government to have that view, but that doesn’t mean no information should be collected or retained, including for law enforcement purposes.”
MacGibbon said there was a tendency for businesses to misinterpret their collection obligations, and that there was value in reviewing the existing laws to see if they were still fit for purpose.
The original article contains 552 words, the summary contains 176 words. Saved 68%. I'm a bot and I'm open source!
This is only half the problem. The other half is that companies are retaining data they don't need to retain any more, as per the existing laws.
Example: one of my former employers was involved in a data breach last year. I left that place ten years ago. Why do they even still have data of me that could be washed up in such a breach, when as far as I know, they have no legal requirement to retain employment records beyond seven years?
Regulation and legislation need to potentially reduce the amount and kinds of data companies have to keep for a certain time - but also oblige companies to diligently delete data that are outside of the requirements.