OAIC compels Ashley Madison to improve privacy
The owners of notorious dating site Ashley Madison have agreed to legally binding undertakings following an investigation by the Office of the Australian Information Commissioner.
Avid Life Media has pledged to conduct a thorough review of the protections it has in place to protect personal information to avoid a repeat of the major data leak involving its customer database last year.
By May next year, Avid Life Media has also agreed to augment its information security framework and adequately document this framework and its information security processes.
The enforceable undertakings also involve staff and contractor training and the production of an independent report documenting the measures taken to fulfil the promises.
Australian Privacy Commissioner Timothy Pilgrim said the incident shows how important it is for businesses to protect customers’ personal information, and the reputational damage that can result from failing to do so.
“The enforceable undertakings ... are a positive approach to improving privacy practices. But the impact of this incident reinforces what my office has stressed for some time — that privacy is not a bolt on accessory; it needs to be integrated into businesses and products by design,” he said.
As the Ashley Madison case demonstrates, companies not in compliance with Australian privacy regulations need to enhance privacy safeguards, amend information retention practices, improve information accuracy and increase transparency.
Too much of a good thing: Australia's cyber overlap issue
Recent research indicates many organisations may have too many security systems with overlapping...
The true cost of cyber attacks
The average annual expense of recovering and dealing with cyber attacks has surpassed AU$4.1...
Tackling the human element in modern authentication: the phishing-resistant user
Integrating human-centric cybersecurity strategies is not merely an option but a necessity in...