Another hack – another potential compromise of customer data…. and this time the target was Sony. This event is starting to spark calls for the government to legislate mandatory disclosure – but will it ever happen!?
The Sony Hack incident is said to have occurred between the 17th and 19th of April 2011, whereby hackers gained access to Sony’s PlayStation network, potentially gaining access to the account information of a reported 77 million users. It is understood that this includes names, addresses and…. drum roll please…. customer credit card information. Uhh ooo!
What’s more interesting about this story is that it’s sparked some discussions relating to mandatory disclosure. In recent comments on the Sony hack by Rob Forsyth (A/NZ managing director of Sophos), Forsyth is reported to have suggested that the government must legislate for mandatory disclosure, noting that it has been proposed in a large number of privacy recommendations.
If personally identifiable information is lost, companies must notify both the general public and the individuals whose information has been stolen…
Forsyth told ABC radio programme The World Today that the theft of address and birth date details, and possibly credit card numbers (although Sony currently maintains that there is no evidence that these were compromised in the breach) – highlights Australia’s lack of a disclosure regime.
“Sony was not quick to notify people that there had been a breach of security,” RMIT lecturer Dr Mark Gregory told the same programme, even though the speed with which the network was shut down demonstrated that Sony was aware of the problem before it went public. Gregory backed Forsyth’s call for a disclosure regime.
Government needs to legislate a proper regime for this – said Gregory.
Your Views Needed!
There’s been talk of the need for changes to disclosure laws for a few years now, but does anyone think this will ever happen in Australia? The majority of security vendors often talk of this happening, but maybe we need to see a few more major data breaches / incidents before people start to take this more seriously and finally do something about it!
What’s your view on mandatory disclosure laws in Australia?
Keen to hear your views – so feel free to comment / reply on this post.