Assessing Fair Punishment for Data Breaches
DATA LOSS—NEW SOUTH WALES
August 20, 2011
ITNews reports that some experts assert "Australia's light touch to breaches of the Privacy Act may not be enough to protect consumers and punish the companies that put their personal information at risk." Data breach investigations have increased by 27 percent in the last year, but, barring mandatory notification laws, the largest breaches remain unreported. A University of Canberra professor says that organisations that undergo a breach after using best practices should not be punished, but companies that are negligent should be punished to get the attention of executives, insurers and shareholders. He queries, "If a food company kept on having food contamination problems, it would stop operating. Why is a data custodian any different?"