
Thursday, January 31, 2008

Those affected should be informed about major data security breaches

Yes, the Federal Privacy Commissioner is right in calling for compulsory notification of major data security breaches. It's clear that we are pretty much in the dark here concerning possible breaches that may have significant identity fraud implications.

One intriguing result of this case note published by the Commissioner in January is that she apparently isn't fussed by the fact that some EFTPOS terminals issued by the major banks continue to print a receipt that includes the full details of the credit card used in the transaction, including name, full credit card number, type of card and expiry date.

The Commissioner found the merchant in this case had not breached privacy principles, but there isn't a word about what is a very unsatisfactory practice, still widespread in this country and full of identity fraud potential.

Have a look at your receipt next time - in my experience it mainly occurs with smaller retailers but in the case above it was an events ticketing company - and think twice about chucking the receipt in the bin.
