Microsoft privacy exec says Aussie disclosure laws reactive

Microsoft’s chief privacy officer, Peter Cullen, said the introduction of data disclosure laws in Australia should not be the centerpiece of an organization’s data protection strategy.

While Cullen believes legislation does have a role to play, he said the real focus should be prevention first and foremost. “Disclosure laws respond to a situation where the horse has bolted; it is better to focus on how to secure the barn,” he said.

“Breach notification has a role to play if consumers are harmed but a notification everytime information is misplaced isn’t necessary; there will be so many notices that they will have little impact.

“There is a lot of media attention around security breaches in the United States but it isn’t just happening there; it’s happening all around the world.”

As reported Monday in Computerworld a discussion paper will be released in coming weeks recommending the introduction of data disclosure laws in Australia.

It is part of a review of the Privacy Act and would force organizations to notify customers of security breaches.

Final plans around the introduction of the data disclosure laws go before the Federal Attorney General, Philip Ruddock, early next year.

Cullen responded to the privacy review during a recent visit to Australia which included Brisbane, Sydney, Canberra and Melbourne.

Cullen met local IT managers promoting the message “good privacy is good business”. He said privacy has to be at the forefront of plans when IT managers are designing systems.

“It is a challenging task when you think about how malware has taken on such an active and devious focus. It really puts pressure on IT managers, not to mention the growing complexity of compliance across international borders, that’s an enormous task,” he said.

“IT managers have to balance privacy with business objectives. While laws have a role to play, the real big stick here is reputation risk.”

Cullen said it is hard to make privacy a business priority in Australia because there hasn’t been a string of high profile breaches to drive a more pro-active approach.

He said the real damage created by poor privacy protection is consumer trust and how it hurts the industry overall.

“An organization can have the world’s greatest product but if the organization isn’t trusted it won’t have any appeal,” Cullen said.

“We need to arm users to protect themselves.

“IT managers feel like the meat in the sandwich because they have to provide systems that meet business objectives while still protecting data.”

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now