The Office of the Australian Information Commissioner (OAIC) has released their quarterly report into notifiable data breaches. It's important to note this is just the second report made by the OAIC since the Notifiable Data Breach (NDB) scheme came into effect in February this year.
The Office of the Australian Information Commissioner, led by Timothy Pilgrim, received 114 breach notifications last financial year - up from 107 the year before. Given mandatory notification doesn't start for a few more months, this could be the thin edge of the wedge as companies come to grips with the new regulatory regime.
The European Union has always favoured the protection of personal privacy over the rights of governments and law enforcement to snoop on our data. Their regulations for the protection of Personally Identifiable Information (PII) have been among the strongest in the world. But new rules under the General Data Protection Regulation (GDPR), which were adopted in April this year, become enforceable on 25 May 2018. What does this mean for Australian businesses?
By now, you'll have heard about the breach at Equifax, leading to the leaking of PII relating to about 143 million people in the US, Canada and the UK. While it's unlikely many Australians were directly affected, the nature of the breach highlights why mandatory data breach notification laws are important, why notification periods are critical, and why you need to ensure you're ready to communicate with anyone whose data you store.
As the amount of data we store (hoard?) increases, it becomes harder to know exactly what we have. And if we don't know what data we have, it becomes challenging to know what we are protecting. Amazon Macie is a new service that uses machine learning algorithms for natural language processing to automate data classification in S3 buckets.
Early next year, Australian companies will be subject to new laws requiring them to report to the Privacy Commissioner when they suffer a data breach resulting in unauthorised access to personally identifiable information. Generally, we think of this as being the result of a breach where a threat actor breaks into systems and steals data. But not all breaches are malicious.