Privacy Advocates Oppose Aussie Data Breach Laws 25
schliz writes "This week, Australia's Attorney-General released a discussion paper about introducing laws that would force companies to notify members of the public any time personal information about that customer falls into the wrong hands. California introduced similar mandatory data breach notification laws in 2003, but Australian privacy advocates are now opposing the move, saying it's a decade too late."
Too late? (Score:2)
It doesn't make the data more secure but perhaps the exposure will shame companies into better security.
Privacy != Security (Score:3, Insightful)
Since when has security and privacy even been the same things. The companies now, jizz data to anyone who'll pay for it. Even banks sell financial data these days, telecoms is a data selling field day. None of these things would be 'notified' as a data breach, since they're normal data selling business.
So not only is it a deflection, a way of heading off a decent privacy law, it would give people a false sense of privacy. They hadn't been notified their data had been lost because it hadn't been lost, it had
Re:Privacy != Security (Score:4, Informative)
Generally, in theory at least, authorized data transfers wouldn't be using it to commit identity theft or fraud or other damaging acts. However, notifying customers of a data breach by unauthorized entities, could allow those customers to take steps to monitor their credit and or make the company liable if something damaging happens from it.
Re: (Score:2)
I do not think that all or nothing is any better.
I don't really think law enforcement requests should be notified- if the investigation points to no wrong doing, the information is destroyed and not retained by law enforcement. On the other hand, cold cases can be solved because investigations have access to new technology later and notifying someone they were investigated may be enough to remove this future evidence. It's like that guy in Florida who killed people. He put a surgical tube full of someone el
Re: (Score:1)
I support being told when someone has unauthorized access to my data... for example... the coles breach a couple of years ago (what you didn't hear about that? not surprised - they only just admitted to it after months of me hounding) and the pizza hut breach (they still won't admit to it)
Re: (Score:2)
authorized data transfers wouldn't be using it to commit ... other damaging acts.
That statement misses the point of the privacy advocates; that the authorized data transfers are, in fact, being used to commit other damaging acts. As both a student of economics and having spent several years doing behavioral targeted advertising, I am strongly convinced that it is damaging to our economy. It causes consumer behavior that is very different from rational self-inteterest, which is the bedrock upon which the eff
Re: (Score:2, Insightful)
Yeah, imagine, getting a text "Your personal data, including SSN, address, phone number, and other collected data from your browser was sold by company X to company Y and Z". A few minutes later, you find out company Z made another deal with A through H and so on. And at the end of the day, you'd think, OMG these bastards made a fortune just from selling my data alone, and I still have to pay for their crappy services.
Re: (Score:2)
That exposure should also extend to law enforcement. Whilst it could be argued that to allow investigation to proceed that invasions of privacy by police and other agencies, there should be a time limit on it. Eventually the police and other investigatory agencies should be held accountable for all their invasions of privacy.
Where any invasion of privacy did not lead to a conviction or even a charge being made against the person whose privacy they invaded, the police and other investigatory agencies shou
wait, what? They should make up their minds... (Score:2)
...data security is such an issue (or at least it should be) that breaches should be notified, not least to incentivise companies to make sure that data is secure. This is me, a privacy advocate saying; this is better late than never. Yes, they should have done it a decade ago, but this game of one-upmanship the so-called privacy advocates at large are playing saying "Fuck you, we're not listening to you any more because you should have done this long ago!" only serves to damage the campaign.
That's not an argument (Score:2)
I tought there are some real arguments against the law in TFA, but there's only whining how it's too late. Well it certainly won't help data exposures before the passing of the law, but I don't know of any event that made such a regulation obsolete. It is in fact still very common for corporations to lose loads of personal data because they are too lazy to protect it. A law like this may not be effective enough to change that, but definitely not because it's 'too late'. It's as actual as ever.
Re: (Score:2)
I tought there are some real arguments against the law in TFA, but there's only whining how it's too late. Well it certainly won't help data exposures before the passing of the law, but I don't know of any event that made such a regulation obsolete. It is in fact still very common for corporations to lose loads of personal data because they are too lazy to protect it. A law like this may not be effective enough to change that, but definitely not because it's 'too late'. It's as actual as ever.
You know how children can be sometimes. They want something, mum and dad don't give it to them, they throw a temper tantrum and get all worked up. Finally mum and dad give it to them. Kids response; "don't want it now".
Re: (Score:2)
the only argument in there is that every organization is breached already.
it's just PR to bring up his name on the press really.
Too little too late (Score:3)
http://www.canberratimes.com.au/opinion/politics/roxons-calls-on-slippers-crudities-show-questionable-judgment-20121017-27rgz.html [canberratimes.com.au]
http://www.crikey.com.au/2012/10/18/how-not-to-launch-a-public-debate-by-the-a-gs-department/ [crikey.com.au]
http://www.crikey.com.au/2011/10/20/asio-reels-in-a-g-line-on-illegal-fishing-hook-line-and-sinker/ [crikey.com.au]
And the reason is it's too late? No sense... (Score:1)
I read the opinion piece and...well..it's stupid. He says it's a good thing, but it's too late and will take too long to implement so lets just not do it at all. Insert car analogy here is one so wants...
We should always strive to improve even if we're a bit late to do so. A better late then never approach I think is best most of the time...Yes I know, there is plenty of times too late is too late.
The mind boggles, maybe someone else here can shed light on why? Maybe there is a
Like CAN-SPAM, a weak law is an excuse to not have (Score:1)
Re: (Score:2)
The linked opinion piece seems a bit hastily and sloppily written. It spends far too much time grumbling about inconsequential crap.
I think the main point is that this: it's too little, too late, and stands in the way of truly progressive legislation. The argument is that people will became complacent and develop a false sense of security. This doesn't even attack a symptom; it's simply raises a red flag whenever the symptom flares up. In the early days, raising the alarm and educating the mainstream ab
Naked In Public (Score:1)
Those of us who were around as scientists, engineers, and programmers back in the 1980's and '90's committed a collective epic fail of foresight when we didn't insist on "privacy by design" standards from the outset. In our headlong rush to connectivity and interoperability, we built systems that were ripe for commercial, governmental, and criminal data mining, and did not effectively campaign for legal safeguards or adequately forewarn the general public. We were, in our heady world of fast-paced progress