When it comes to privacy, bank customers in Australia are left to choose between garbage, trash or junk.
That is how Gartner's vice president of research, Rich Mogull, describes the current data privacy landscape in Australia.
A strong advocate of the introduction of disclosure laws which force banks to notify customers of a security breach, Mogull said the Australian government needs to act by implementing legislation that includes penalties to ensure compliance.
Without these laws, Mogull said customers cannot make an informed decision when seeking a financial services provider.
He said breaches are occurring in Australia but it is impossible to get meaningful statistical data that could provide some insight into the current IT security landscape.
"There is no legislative protection in Australia just the National Privacy Principles [under the Privacy Act] which are not enforced; the current landscape in Australia is what it was like in the United States pre-2005 before the first breach notification law was introduced in California," he said.
Mogull's comments delivered at Gartner's IT security summit in Sydney today are part of a broader push for changes to the Privacy Act currently being reviewed by the Australian Law Reform Commission (ALRC).
The ALRC is releasing a discussion paper next month recommending the introduction of security breach disclosure laws in Australia with the final report to be delivered to the federal Attorney General, Philip Ruddock in March, 2008.
The recommendation also has the support of the Federal Privacy Commissioner, Karen Curtis.
Mogull said disclosure laws in the US have been the biggest single driver in improving the IT security landscape. Under the Californian law, which he said is the first of its kind in the world, if a specific combination of data is disclosed then customers must be notified. That combination includes the customer's first and last name, along with credit card and banking details, and social security number. "The law was ignored for two years until the Choice Point breach then the flood gates opened," Mogull explained.
"Previously there was no external pressure to act. If an organization is losing customer data and it doesn't affect the business then there is no impact.
"The customer suffers but the business doesn't. There is a built-in market force to keep your mouth shut. Basically, market forces are working against privacy protection."
NetApp quits bidding war in face of EMC opposition
Newest IE bug could be next Conficker, says researcher
Analysts: Google has muscle for long-term battle with Microsoft Windows
No sign of North Korean backing in bot attacks on US sites, says researcher
T-Mobile launches myTouch 3G; no plans for HTC Hero
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Wireless LANs: Is My Enterprise At Risk?
Keeping your SQL Server Going 24x7
Best Practices in Lifecycle Management
Reducing the risk of insider abuse
Business Processes and Customers - Difficult Domains to Integrate
Customer Experience Management: Improving the Consistency and Quality of Customer Interactions
Providing Business Continuity and Disaster Recovery for Microsoft Cluster Server and Windows Server 08 Failover Clustering Apps
How to Beef Up Your Sales Pipeline
Zones provide focussed content from Computerworld and leading technology partners.
Comments
Post new comment