Should All Breaches Be Equal under the Law?

Jul 30


Australia’s ADMA Head Says Breaches Should Only be Reported if Consumers’ Personal Information is at Risk

Catch of the Day, an Australian online shopping site, recently reported a breach that happened three years ago. And, in the same virtual breath, the company said there was no risk to consumers.

So, if there were no risk to consumers, was it necessary to report the breach at all? That’s the point that Jodie Sangster, head of Australia’s Association for Data-driven Marketing and Advertising (ADMA), is making in an article by Kirsten Robb.

Sangster warns against mandatory reporting when consumers’ data is not in danger of being compromised. “On the question of whether or not ADMA supports mandatory reporting, the position we take is, if it’s going to be mandatory, we need to set a sensible benchmark. If you set the threshold too low, consumers may be unnecessarily alarmed if they are not at risk.”

According to Sangster, even accidentally “cc-ing” email addresses in an email, rather than “bcc-ing” them, could be considered a data breach. Reporting such small data breaches would dilute the meaning of a warning in the event of a serious breach. Additionally, she notes that reporting every possible breach leads to a lot of unnecessary red tape.

Observes Sangster, “Are there daily data breaches happening? Probably not. Are there incidences where companies need to tighten security? Absolutely.”

ThreatMetrix® builds trust on the Internet by offering market-leading advanced fraud prevention and frictionless context-based security solutions. These solutions authenticate consumer and workforce access to mission critical applications using real-time identity and access analytics that leverage the world’s largest trusted identity network.

ThreatMetrix secures enterprise applications against account takeover, payment fraud, fraudulent account registrations, malware, and data breaches. Underpinning the solution is the ThreatMetrix® Global Trust Intelligence Network, which analyzes over 500 million monthly transactions and protects more than 160 million active user accounts across 2,500 customers and 10,000 websites.

The ThreatMetrix solution is deployed across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government and insurance.
