Australia wants online privacy laws to be beefed up in light of the attack that broke into Sony’s PlayStation Network.
By now, most people lay the blame for the data-mining PSN attack appropriately at the feet of the people who broke into the network, but Sony hasn’t escaped blame, either. One of the most common criticisms levied against the electronics giant is that it waited too long to inform consumers that their data might have been compromised, though Sony swears it told everybody as soon as it knew.
While politicians and political groups from around the world like US Senator Richard Blumenthal, the Privacy Commission of Canada and the UK Information Commissioner have all lambasted Sony for its role (or lack thereof) in the event, it’s the island nation/continent of Australia that may be actually doing something about it.
According to WA Today, the Australian government has announced plans to introduce legislation that will force companies like Sony to announce security breaches and the theft of personal information immediately. Of the millions and millions of PSN users worldwide whose data is now compromised, says the article, 1,560,791 of them were Australian and 280,000 had credit card details attached to their accounts.
Privacy Minister Brendan O’Connor said that he was “very concerned” about the potential theft of personal information, and disappointed that it had taken Sony “several days” to notify its customers of the breach. As such, he said, a mandatory notification law now appeared to be necessary.
That said, he didn’t say that this was Sony’s problem and Sony’s alone. “Sony isn’t alone. We’ve seen serious privacy-related incidents in recent months involving other large companies,” said O’Connor, apparently referring to incidents involving companies like Dell Australia and Telstra. “All companies that collect customers’ personal information must ensure that the information is safe and secure from misuse.”
The Australian government has been investigating the incident, said Privacy Commissioner Timothy Pilgrim, who said that he was waiting to hear answers from a series of questions he’d sent Sony. (No offense, Mr. Pilgrim, but I think Sony is a bit busy right now).
David Valle, the executive director for theCyberspace Law and Policy Centre at the University of New South Wales in Sydney, called the breach a “chilling example” of what could happen when companies stored so much information in a central database, no matter how much security they put on the lock.
“The protectors have to be 100 percent perfect in their defense, while the attackers only need to find one tiny chink to get through.”