
NZCS supports mandatory disclosure of security breaches

PRESS RELEASE – NZ Computer Society Inc. (NZCS)
2 August 2011

The New Zealand Computer Society (NZCS) today welcomed the recommendation from the Law Commission for mandatory disclosure of serious security breaches.

NZCS Chief Executive Paul Matthews said today “The New Zealand Computer Society (NZCS) strongly supports the mandatory disclosure of serious security breaches and welcomes the recommendation from the Law Commission to finally put this in place in New Zealand”.

“One of the fundamental concepts of privacy is control of your own information. Being made aware of when this information falls into the wrong hands is essential”, Matthews said.

The Society recommends that staff with responsibility for security undergo security-specific training and certification, and that all staff with responsibility for projects or teams be accredited with the overarching IT Certified Professional (ITCP) Certification.

“While sometimes genuine mistakes do happen, all too often breaches are entirely avoidable and occur due to lax security and unqualified staff not following good practice”, Matthews said. “Businesses need to understand that if they don’t take security seriously it can have dramatic consequences both for their customers and their reputation”.

A big issue under the current law is that, unless breaches become public through the media or other means, there’s no incentive for unethical companies to disclose major breaches, especially where they’ve occurred due to lax security. In fact, there’s a disincentive, given the damage to reputation that can ensue.

“With mandatory reporting of serious security breaches we’re entering a new era”, Matthews said. “Some breaches will occur and undoubtedly some companies will be exposed. If these companies can’t show they’ve taken reasonable precautions such as insisting their providers are properly trained and certified, the cost will be high in reputation and dollar terms”, he said.

“However it’s more than just reporting. Albeit necessary, that’s the proverbial ambulance at the bottom of the cliff. IT companies need to be proactive in relation to security and privacy”, he said.

“To put it another way, in conjunction with mandatory reporting people need to stop saying ‘we were hacked’ and start saying ‘our approach to online security needs attention’”, Matthews concluded. “It’s time New Zealand companies got serious about security”.

ENDS

© Scoop Media
