- ThreatMetrix Announces $30 Million in Growth Capital with Silicon Valley Bank to Accelerate Global Market Eminence
- ThreatMetrix Highlights Influential Moments at 2016 Digital Identity Summit, Business Without Borders
- ThreatMetrix Prevents Over $15 Billion in Annual Fraud Loss
- ThreatMetrix Fall ‘16 Release Secures the Future of Global Digital Business
- ThreatMetrix Announces Accelerate Partner Program to Advance Channel Sales and Service Opportunities
Australia’s ADMA Head Says Breaches Should Only be Reported if Consumers’ Personal Information is at Risk
Catch of the Day, an Australian online shopping site, recently reported a breach that happened three years ago. And, in the same virtual breath, the company said there was no risk to consumers.
So, if there were no risk to consumers, was it necessary to report the breach at all? That’s the point that Jodie Sangster, head of Australia’s Association for Data-driven Marketing and Advertising (ADMA), is making in an article by Kirsten Robb on startupsmart.com (link to article).
Sangster warns against mandatory reporting when consumers’ data is not in danger of being compromised. “On the question of whether or not ADMA supports mandatory reporting, the position we take is, if it’s going to be mandatory, we need to set a sensible benchmark. If you set the threshold too low, consumers may be unnecessarily alarmed if they are not at risk.”
According to Sangster even accidently “cc-ing” email addresses in an email – rather than “bcc-ing” them – could be considered a data breach. And, reporting such small data breaches would dilute the meaning of a warning in the event of a serious breach. Additionally, she notes that reporting every possible breach leads to a lot of unnecessary red tape.
Observes Sangster, “Are there daily data breaches happening? Probably not. Are there incidences where companies need to tighten security? Absolutely.”