By Charles Leaver

Should companies be required to immediately report breaches? (Part 1)

Breaches have been a problem worldwide, and all signs point not only to the continuation of cyber incursions but to their growth. Particularly damaging is when a company's, and specifically a retailer's, data leak prevention measures are maliciously circumvented, since such an attack threatens to expose private client information. For its part, the Australian government is attempting to do something about breaches affecting both companies and governments with a proactive piece of legislation that may lead to greater endpoint security and control among enterprises of all sizes.

A government measure to encourage full disclosure in wake of breach
A series of very large data breaches hit the U.S. toward the end of 2013, capping off a year in which newly created malware strains represented 20 percent of all malware ever created, according to a recent security poll. Among the data attacks, the largest was the one against Target, which compromised information for more than 100 million clients. The fallout of the breach has seen a public demand for better communication between businesses and their customers, but an Australian measure that would do exactly that preceded any of the breaches.

Back in June 2013, the Australian Standing Committee on Legal and Constitutional Affairs recommended the passage of a bill that would require governments and businesses to promptly inform customers in the event of a breach, according to ComputerWorld.

A few months later, Australian Privacy Commissioner Timothy Pilgrim said he planned to send the bill through the approval process because “I think it is an important piece of legislation.”

Now, the bill has been approved by the Senate and awaits vetting by the Coalition government. In addition to its business-client transparency, the bill would allow the government greater leeway to investigate companies that fall victim to an attack. Among other things, such investigations could expose enterprise weaknesses in data loss prevention that would then have to be corrected.

The bill is being applauded by Australian lawmakers who feel it is a positive step toward increasing business-client trust.

“We would have much better visibility into the current state of information security in Australia if we had mandatory breach notification,” said Lani Refiti, who helps chair an Australian government security group.

With all the proactive security measures in Australia, one would expect comparable measures in the United States. But as we will discuss in part 2, that is not necessarily the case.
