Handling Privacy Breaches

Into the Breach: Handling Privacy Breaches. 

Facilitators: Dean Pemberton, Sean Lyons.
Tags: Safety & Security, Internet & the Law.
Collaborative Notes: Handling Privacy Breaches

We have all seen the aftermath of the recent high-profile government privacy breaches. The interesting point is that, as a society, there is some advantage to privacy breaches being made public; it just has to be handled in the right way. What is the most appropriate way for a security researcher to let a government department know they have a vulnerability? How long should they wait before telling the media? Should the government department immediately contact the police, or should they thank the researcher for coming forward? These issues are all covered under the topic of “Responsible Disclosure”. The first focus of this session will ask similar questions and get your responses.

Once a breach has been discovered, should there be a legal requirement for the organisation concerned to notify all the individuals whose information has been leaked? What should the threshold be? Should only serious breaches be reported or all breaches? The second focus of this session will deal with these issues of “Mandatory Breach Disclosure”.