Data breach prevention

Australia does not yet have mandatory data breach notification laws (see last year's ALRC proposals), so we don't know about breaches other than those that attract public notoriety (e.g. files dumped in bins, stolen laptops or forgotten CDs).

But we can learn from those breaches analysed in the USA: Verizon has published its 2009 Data Breach Investigations Report.

Its analysis of data breaches concluded:

  • 74% were caused externally, 20% internally;
  • 67% were aided by errors, 22% involved privilege misuse;
  • 69% were discovered by a third party, 87% were considered avoidable through simple controls.

The 5 recommendations were:

  • Ensure essential controls are met.
  • Have data retention policies: find, track, and assess data.
  • Collect and monitor event logs.
  • Audit user accounts and credentials.
  • Test and review web applications.

In Australia the Privacy Commissioner has issued a Voluntary Data Breach Notification Guide.

July 31, 2009 in Privacy