Security Market Segment LS
Monday, 23 July 2018 11:35

PageUp breach secrecy may be to set precedent: expert Featured

By
Helaine Leggat: "If too much information is made public, it does not help in an investigation." Helaine Leggat: "If too much information is made public, it does not help in an investigation." Supplied

Australian authorities may have decided not to fully disclose details of the data breach at human resources outfit PageUp People as it is the first major breach to be revealed, and the processes followed could set a precedent for others that follow, an expert in cyber security and law says.

Helaine Leggat, head of cyber law at Sladen Legal, told iTWire in response to queries that the Department of Home Affairs and other Australian authorities may have decided to practice "security through obscurity".

Since 19 June, PageUp People has kept mum about the breach, having revealed very little about it prior to that as well, after first breaking the news of the breach on 6 June. The company has said it first noticed the intrusion on 23 May.

Leggat pointed out that in the US, from as early as 2015 after the promulgation of the Cybersecurity Information Sharing Act (CISA Legislation), "the authorities, including LEA (Law Enforcement) were saying that the victims of crime should not be punished. I have heard (Australian Cyber Security Centre chief Alastair) MacGibbon say the same thing here in 2018".

MacGibbon has gone on the record describing PageUp as being effectively "victimised" as a result of having to out itself to Australian customers before it even knew for certain there was a problem.

Leggat said there could be many reasons why the authorities were keeping quiet and protecting PageUp People.

"We are no doubt dealing with crime/criminal organisations wrt the breach," she said. "The UK authorities are also involved. Remember, there are Mutual Co-operation laws where countries like Australia and the UK agree to work together to assist one another. If too much information is made public, it does not help in an investigation."

She pointed out that in the case of the Singapore Privacy Law, there was no obligation to report a breach.

Asked whether there was a requirement for PageUp to provide full details of the breach to the public, Leggat said there were various provisions of the law that gave authorities an out.

She said she suspected that "full disclosure in this case will not be helpful to Australian interests in the fight against crime".

But Leggat said that "from a trust and company risk/reputation point of view, one would think that PageUp People would want to communicate more frequently. (I recommend Crisis Communications Policies, among other things).

"It is complex and we do not have the answers. Bear in mind the broader aspects of privacy. While Australia does not have a Tort (private action) of privacy, it does recognise privacy as a human and civil right – Refer to the Preamble of the Privacy Act 1988.

"There are all sorts of legal causes of action that can arise in a case such as this, including, contractual actions (PageUp with its clients, service providers etc), Breach of Confidence, negligence, shareholder actions etc. The biggest mistake people are making is to look narrowly at the NDB Scheme."


Subscribe to ITWIRE UPDATE Newsletter here

Now’s the Time for 400G Migration

The optical fibre community is anxiously awaiting the benefits that 400G capacity per wavelength will bring to existing and future fibre optic networks.

Nearly every business wants to leverage the latest in digital offerings to remain competitive in their respective markets and to provide support for fast and ever-increasing demands for data capacity. 400G is the answer.

Initial challenges are associated with supporting such project and upgrades to fulfil the promise of higher-capacity transport.

The foundation of optical networking infrastructure includes coherent optical transceivers and digital signal processing (DSP), mux/demux, ROADM, and optical amplifiers, all of which must be able to support 400G capacity.

With today’s proprietary power-hungry and high cost transceivers and DSP, how is migration to 400G networks going to be a viable option?

PacketLight's next-generation standardised solutions may be the answer. Click below to read the full article.

CLICK HERE!

WEBINAR PROMOTION ON ITWIRE: It's all about webinars

These days our customers Advertising & Marketing campaigns are mainly focussed on webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://www.itwire.com/itwire-update.html and Promotional News & Editorial.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

We have a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you.

MORE INFO HERE!

BACK TO HOME PAGE
Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous

WEBINARS ONLINE & ON-DEMAND

GUEST ARTICLES

VENDOR NEWS

Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News

Comments