
Tuesday, 27 November 2012

Privacy commissioners seek greater power as breaches increase

Privacy commissioners of Australia and New Zealand said they need more enforcement authority to combat data breaches and other privacy concerns.

Whilst we agree data breaches can be a cause of identity theft, it is the lack of legislation allowing Police to charge employees who steal data and breach privacy that is at odds with the commissioners' enforcement requirements.

A recent Kroll Global Fraud Report indicated that over two-thirds of corporate frauds are committed by insiders. Even the Attorney-General herself said, at a recent Security Conference in Canberra, "One of the greatest risks to the security of government computer systems is from exploited or corrupted public servants".

Data theft by employees is at epidemic levels and continues to increase. Imposing hefty fines on a small business due to a security breach by an employee only serves to further damage the affected business and does not prevent continuing occurrences.

Employees are completely immune from prosecution by Police if they steal data or any IP belonging to the company they are employed by.

There are civil remedies; however, a small to medium-sized business, whose primary asset is data, is usually so financially devastated by such a theft that it cannot afford to fund litigation. The thief benefits from the theft, breaches the employer's privacy policy with its customers and potentially causes additional loss for the business when it is fined under the proposed Bill.

To injunct a thief costs about $50,000.00 plus an additional surety over costs of up to $150,000.00. Most small businesses cannot afford this impost and the distraction of a usually protracted legal battle.

If the proposed Bill is to have any impact at all, it must be supported by legislation that will allow Police to charge employees who misuse authorised access to a computer or computer system to steal data from their employers.

Most businesses, including big business, are completely unaware that if an employee, or in fact anybody who has been provided access to their business, steals data, they cannot be prosecuted by Police.