Varonis welcomes proposals to bring Australian data breach rules in line with those in the US and Europe
New York (US) and London (UK): Data governance specialist Varonis Systems has welcomed news that the Australian government is contemplating a mandatory notification rule for any organisation suffering a data breach.
David Gibson, Varonis’ Vice President of Strategy, says that the discussion paper issued by the Australian Attorney-General – which seeks comments on whether organisations should be required to report breaches, what kind of breaches should have to be reported, who should be notified, and what penalties should apply for failure to comply – is excellent news.
“The most important aspect of the proposed legislation – apart from the mandatory reporting requirement – is the naming and shaming of those organisations whose security negligence has resulted in customer data leaking out to the Internet and/or being stolen by cybercriminals,” he said.
“This will give ordinary citizens – as well as third-party organisations – a chance to learn about the data misdemeanours of Australian businesses and public sector agencies, and help them make a choice,” he added.
The Varonis Vice President went on to say that as virtually every facet of our lives becomes digital, citizens begin to understand the need to protect their data as an asset, in the same way they protect money.
In many ways, he says, money and data are strongly linked, as personal data that is stolen or lost as a result of a data breach is now bought and sold on the identity theft marketplace.
Company data, meanwhile, he adds, is bought and sold for industry espionage and competition purposes, as its loss results in public embarrassment and regulatory fines for the organisation involved.
The Internet, he explained, has given rise to a new level of transparency and fluidity of information, where companies suffer the ignominy of being named, shamed, and fined and lose business as a result of a breach.
“This is why legislation such as that which is being proposed in Australia is so important. We hope that, if anything, the Australian government imposes strong penalties on the organisations whose carelessness results in a data breach,” he added.
“At the very least, this should prompt organisations who fail to protect their structured and unstructured data – perhaps by recklessly outsourcing to a free or low-cost cloud service provider without doing the necessary checks – to re-evaluate their data governance strategy,” he added.