The repeated hacking of Sony's PlayStation Network hack has demonstrated the need for Australia to adopt mandatory data breach disclosure laws, a local security director has claimed.
While the PlayStation Network was back up and running for Australian users today, director of Clearswift, Phil Vasic, said mandatory disclosure laws would help prevent similar security issues from arising again.
“I think we need some kind of law in regards to mandatory disclosure,” he said. “...but the question on fines really needs to be decided via the Privacy Act.”
Vasic said disclosure laws have driven US companies to achieve best practice outcomes, and that such legislation in Australia could have a positive impact in reducing the number of cyber attacks and prevent the privacy act from continuing to be a toothless tiger.
“The onus locally has been really for the government to somehow become more responsible with mandatory disclosure laws,” Vasic said. “The US has had those for a while now and that’s helped from a customer perspective and drives the right kind of best practice behaviour.
“The privacy act would help if it was taken a step further...it’s a bit of a toothless tiger...we do have pretty good regulatory guidelines...but I think certainly this would take it a step further and drive best practice.”
While last week’s Privacy Awareness Week was a positive step by the government, Vasic said politicians need to lift their game through legislation.
“We continue to get that message out there locally that there needs to be more done,” Vasic said. “Privacy acts have changed somewhat over the years, but no other body has really stepped up to enforce it.
“...Inevitably we’re going to have to look at disclosure laws in and around that.”
Sony’s decision to hire its first chief security officer after the attacks gave insight into the security priorities of the company Vasic said.
“One of the key things from Sony is that they’ve just announced they have a Chief Security Officer,” he said. “This is a little bit concerning given that they do millions of dollars of business over the internet.”
To recover from the impact of the past few months, Vasic recommended that Sony should go back to basics, ensuring that they create an easy to understand privacy policy for both internal staff and external customers.
“Reputation has become such a big issue. Sony have recognised the damage it has done to them,” he said.
“...I think its back to the fundamentals so Sony has a policy everyone understands both internally and externally and appropriate to the situation.”
Electronic Frontiers Australia this week highlighted the need to strengthen the privacy act, by making information held by a company available to end user.
Follow Lisa Banks on Twitter: @CapricaStar
Follow Computerworld Australia on Twitter: @ComputerworldAu