Hmmm…Breach Notification…Australia…
So there’s an article in ZDNet Australia, “Establish a strategy for security breach notification.” [link to http://www.zdnet.com.au/insight/security/print.htm?TYPE=story&AT=339272771-139023764t-110000105c no longer works] All well and good, but Australia doesn’t have a breach notice law. (As far as I know.)
So all you ‘new normal’ skeptics, who don’t believe me that standards are changing ahead of laws…why did a competent journalist writing for an editor at a respectable Australian publication say:
When a data breach occurs, you obviously need to notify those affected. You definitely do not want to tell people that someone accessed their personal information in an e-mail. Users could easily mistake such an e-mail as a phishing attempt and delete it without reading it. (Emphasis added.)
[Updated: The article was picked up from TechRepublic–I think the point stands, but not as strongly.]
I am sorry to say, but the author of that article is not ‘a competent journalist writing for a respectable Australian publication’ (there are so many things wrong in that quote, but we’ll focus on the author).
The article is lifted from TechRepublic, hence the article’s header and footer, and reads just like every other column filler puff piece about breaches to have come out over the last couple of years – short on specifics, long on generalities. The resources suggested in the article are useless from an Australian perspective, being focussed almost exclusively on the US.
As a new commenter, it’s not that I don’t believe you because I think laws predate standards (which I don’t believe). I don’t believe you – because you failed to comprehend the article.
Fair enough, but why did ZDnet.au pick it up and run with it?