IDCARE warns new privacy laws could exacerbate ransomware attacks

By

Paying attacker is cheaper than penalty.

National identity support service IDCARE is critical of the federal government’s increased penalties for privacy breaches, saying they could encourage companies to pay ransoms in an attempt to keep a breach secret.

IDCARE warns new privacy laws could exacerbate ransomware attacks

It made the comments in a submission [pdf] to the federal government’s review of the Privacy Act.

Breach frameworks seem “less about informing and supporting a person to take-action who has been placed in a potentially vulnerable position, but more about a need for ‘tick a box’ reporting to regulators and to protect other interests”, IDCARE said in its submission.

That leaves Australian businesses vulnerable to ongoing ransom attacks, the organisation said.

“In terms of ransomware attacks, Australia is open for business … there is little disincentive for these criminals to keep targeting Australian businesses and government agencies,” the submission said.

Fear of the recently-introduced penalties – up to $50 million for a serious privacy breach, one-third of the turnover for an affected company, or three times any financial benefit obtained through data misuse – makes things worse, IDCARE’s submission said.

“This is further exacerbated by the conflicting nature of compliance and notification environment," it said.

"Pay a million dollars or face a breach that may cost $50 million. Don’t pay and have your customer data exploited in the most abhorrent and public way in an attempt to send a clear signal to future organisations that this will be the consequence if their demands are not met."

While making the payment of ransoms a specific offence could discourage companies from paying, IDCARE said “there are many complexities to this”, including unnamed insurance companies that encourage the payment of a ransom, if that is the cheapest way for a victim company to recover their data.

IDCARE also warns that the government’s proposed amendments to the Privacy Act will have the “perverse outcome” of making privacy compliance “much more litigious”.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

The full list of IT projects in the 2024-25 federal budget

The full list of IT projects in the 2024-25 federal budget

Home Affairs' ICT modernisation needs backed by another review

Home Affairs' ICT modernisation needs backed by another review

India's mid-tier IT firms gain share from industry goliaths

India's mid-tier IT firms gain share from industry goliaths

Defence readies a three-year technology roadmap

Defence readies a three-year technology roadmap

Log In

  |  Forgot your password?