Data Theft Australia Senator The Hon George Brandis SC Deputy Leader of the Opposition Shadow Attorney General Level 7, PO Box 6100 50 King Street Senate Sydney NSW 2000 Parliament House Canberra ACT 2600 Phone +61 4 1870 0054 www.datatheft.com.au By email: [email protected] August 12, 2013

Dear Senator; RE: Proposed Privacy Amendment (Privacy Alerts) Bill 2013 The challenge for any business is that limiting user access to sensitive data is not a viable strategy to preventing data theft. Employees, sub-contractors (example health workers) across most industries need access to view and change critical data to perform their everyday job functions. An insider cannot be charged by Police or any other authority for data theft. Identity theft is only a fraction of the problem and cost to the community when compared to insider data theft. Data theft by insiders is affecting thousands of businesses and costing business owners, their employees and their families billions of dollars each year and this doesn't include the knock on effect to other parts of the community. The allure of the black market, for some insiders, will eventuate in personal data being passed to identity thieves. Identity theft on any major scale will originate from insider data theft and the medical industry is one of the most susceptible given the information contained in a patient record and access requirements for workers to meet their job requirements. In fact, on the black market in the USA, medical records are more valuable than a social security number. According to Dr. Deborah Peel of Patient Privacy Rights, it costs just 50 cents to a dollar to buy a social security number, but $14 to $24 to buy someone’s private medical details. It is not uncommon in some industries for even a small business to have many thousands of customer records. In the case of a small to medium size private medical practice this could easily be 30,000 patient records or more. An on line sales business may have hundreds of thousands of customer records. What does the business owner do if they suspect an employee has stolen customer or patient records? Do they assume the whole data base has been breached and contact every customer or patient? The resource costs alone for a small business to notify every customer or patient and then deal with the fallout and enquiry that follows will likely devastate the business

financially. This is on top of the immediate effect insider data theft has on business earnings. For many businesses their customer or patient list is their most valuable asset and the primary source revenue. Business owners can't rely on Police, The Privacy Commissioner, APHRA, HCCC, ASIC, Fair Trading or any other authority to investigate insider data theft. Their response to data theft reports to date is that it is commercial matter to be dealt with in the civil courts. The prospects of a small business being able to fund a protracted litigation are virtually nil following insider data theft. If an insider embezzled in cash an amount equal in value, of in many cases a business's most valuable asset [customer database], they would likely be spending a number of years in gaol. Removing customer information without the authority of the customer and the business owner is theft and often, just like stealing cash, has an immediate financial impact on the business and everybody who works in the business and their families. The Amendment Bill is a double whammy for business owners who cannot even insure against the risk of insider data theft and losses to their business, the theft and the impost of the Bill’s requirements will have, entirely due to lack of legislative powers for any authority to charge insiders. Even the most secure of systems is susceptible to data theft due to employee access. It is the misuse of access by insiders that is the issue and rarely ever the business owners’ negligence to provide suitable security over what is often their most valuable asset. It is essential that any proposed amendment to the Privacy Act provides authorities legislative powers for Police to prosecute insider data thieves.

Yours faithfully

Brad Robinson Data Security Consultant [email protected] +61 4 1870 0054

Attachment (next page): Actual Example of repeated data thefts in one Sydney CBD organisation The organisation has the best available security over its data base Job function requires employees to have access to critical customer information In each case access was abused by employees to steal customer identifying information

Submission - Senator George Brandis.pdf

legislative powers for Police to prosecute insider data thieves. Yours faithfully. Brad Robinson. Data Security Consultant. [email protected]. +61 4 1870 ...
Download PDF
375KB Sizes 1 Downloads 141 Views
Report

Recommend Documents

Senator LUDWIG.pdf
support any call for West Papuan independence. We think that should be a matter for the West Papuan. community. We support their right for self-determination.
Submission Form.pdf
been approved by, and is being funded by The American Kennel Club Canine Health Foundation or the Morris Animal. Foundation. It is agreed that this ...
Submission Guidelines
School of Mechanical Engineering. National Technical University of ..... M Abramovicz 'Trial by Market: A Thought Experiment' The George Washington. University Law School (2004) Public Law .... Philosophy Thesis, School of Information Sciences and Te
Submission Protocol.pdf
If the dog is to be euthanized, first take a blood sample if possible, and send both samples. • Place a 1” ... Pack the sample in a small box or insulated container.
Submission Protocol.pdf
Page 1 of 1. UNIVERSITY OF MINNESOTA. Canine Epilepsy Submission Protocol. • Complete the submission form; and for affected dogs, also complete the seizure survey. • Make a copy of your dog's 3 or 5 generation pedigree if available. • Make a co
Senator Speaker Final .pdf
District 58 u?lizes an automated calling system to alert parents. of school closings. Parents are encouraged to make sure that their child's school(s) has their ...
Letter to Senator Schumer.pdf
Page 1 of 2. Daniel Reiser. 115 Prospect Park SW Apt. 5, Brooklyn, NY 11218 | (850) 508-0509 | [email protected] | TheGreatSchnoz.blogspot.com. Page 1 of 2. July 24, 2015 | 8 Av, 5775. The Honorable Charles E. Schumer. United States Senate. 322
SGA Senator Information .pdf
There was a problem previewing this document. Retrying... Download. Connect more apps... Try one of the apps below to open or edit this item. SGA Senator ...
Patent Offer Submission - Services
as evidence for any purpose in any judicial, administrative, or other proceeding in which infringement of any of Your patents is alleged. You agree that any transfer by You of patent assets part of the Submission ("Submitted Patents") will enforce th
ICIT 2009_final submission
classical Description Logic that will be extended to the management of uncertain information. The proposed solution is based on integration between the ... system components to the level of the global distributive system behaviour. Along with the ...
CD_Reporting_specimen-submission-requirements-for-clinical ...
laboratory performs additional testing (confirmatory testing, serotyping, serogrouping, pulsed-field gel electrophoresis. [PFGE], whole genome sequencing ...
Senator Hoke Smith, Southern Congressmen, and ...
tural Extension Act of 1914 and the Vocational Educational Act of. 1917. ... The program, calling for an annual expenditure of $4,580,000 and authorizing ... College. agricultural history volume 60 * number 2 * spring 1986. c agricultural history soc
ARNEBECK LAW OFFICE July 12, 2016 Senator ... -
Jul 12, 2016 - ARNEBECK LAW OFFICE. Clifford O. Arnebeck, Jr. 1021 East Broad Street. Columbus, Ohio 43205. 614-224-8771 clifford.arnebeck@gmail.
Proposal submission form.pdf
Download. Connect more apps... Try one of the apps below to open or edit this item. Proposal submission form.pdf. Proposal submission form.pdf. Open. Extract.
Patent Offer Submission - Services
Patent Offer Submission. * Required. Patent Offer to Sell. What is your name? *. What is the name of the company that owns the patent? *. If you are the owner, but not a company, just indicate "Individual." What is your address? *. What is your email
Sample Submission Protocol.pdf
There was a problem previewing this document. Retrying... Download. Connect more apps... Try one of the apps below to open or edit this item. Sample Submission Protocol.pdf. Sample Submission Protocol.pdf. Open. Extract. Open with. Sign In. Main menu
ERE submission FINAL.pdf
The GTM applies a price premium per unit of electricity use over some. share of use ... ERE submission FINAL.pdf. ERE submission FINAL.pdf. Open. Extract.
IMS Submission Template
[4], it is difficult to design a CMOS sampler at scale of GS/s .... Fig.2(a) 3D view of the QVCO inductor and clock distribution network, the phase error is 0.6° ( port ...
SHORTLANDS SUBMISSION FORM.pdf
Sign in. Loading… Whoops! There was a problem loading more pages. Retrying... Whoops! There was a problem previewing this document. Retrying.
Submission Instructions forEGE2007
Port, Coastal and Ocean Engineering Division, American Society Civil Engineers (ASCE), Vol. 115, No. 5, pp. 649 – 461. 8. PEHLIVANOGLOU, K. & KARAMITROU, Z. (2003). Anthropogenic effects on the geomorphology of the Vromolimno area, Skiathos Island.