Symantec reveals Government data-breach plan

Beverley Head
Friday, 11 December 2009 07:44

Business IT - Security

Australian enterprises should expect and prepare for new legislation which will force them to disclose data security breaches according to the president and chief executive officer of leading computer security firm Symantec.

On his first visit to Australia since being appointed to the top job, Enrique Salem said that the company had been working with the Federal Government and providing advice regarding the drafting of disclosure laws.

In October cabinet secretary Joe Ludwig, in the Government’s first response to the Australian Law Reform Commission’s recommendations regarding privacy legislation, indicated that a decision regarding the ALRC’s proposals on data breach disclosure would only be available in the Government’s second response, which Salem today appeared to pre-empt.

”It absolutely will happen here and in New Zealand,” said Salem at a Sydney briefing this morning. Symantec executives had been working with both the ALRC and the Department of Prime Minister and Cabinet on the issue he said.

In his October announcement Ludwig accepted that a data security principle should be added to the list of Unified Privacy Principles in the amended legislation, but he indicated that it would be premature to cross reference that to data breach provisions until after the government completed its review of the ALRC’s recommendations regarding data breach notification provisions. This would be addressed in the Government’s second response to the ALRC recommendations now expected in 2010.

Confident that the Federal Government would soon demand disclosure of breaches, Salem said that in the US 46 States had legislation in place “so that disclosure is not an option”. At present Australian organisations are not compelled to report data security breaches.

continued page 2