Vic Govt infosec chief grills suppliers

By on
Vic Govt infosec chief grills suppliers
Flickr

Victoria's data security chief has warned suppliers to brush up their security postures if they hope to ply trade with the State Government.

Commissioner for Law Enforcement Data Security David Watts will head the state's office of the Privacy and Data Protection Commissioner, a new agency to be formed this year from the merger of both the privacy and law enforcement data security offices.

Watts will be charged with improving security postures across the Victorian public sector in accordance with the Victorian Protective Security Policy Framework (VPSPF), a model based on the federal framework

David Watts

Watts said outsourced services that lacked adequate security were like "cars without airbags".

"If you want to do business in Victoria, then Victorians have a right to inspect that your information is secure," he said.

"I will look forward to auditing those outsource service providers to see that they comply [with Victorian law]."

Watts cited an example of an unnamed cloud provider which would fail the test due to its policy of storing customer data across the world but signing contracts inked in Singaporian law.

He said he was confident the increased demands would not scare off business.

Watts became commissioner in 2008 and was charged with ensuring the security of the state's police service and law enforcement data.

His first job heading the new agency will be to increase security and compliance across state government. This would be a slow and considered process, Watts told SC.

"We all know compliance won't happen overnight so let's be realistic. You need to build capacity and resilience within the Victorian public sector."

"One of the most important things to do is to give people very clear goals and targets. We're talking about developing a very clear set of standards that are consistent with the PSPF, tailored for Victoria."

State Governments across Australia have been reguarly grilled for lax security in government audit reports. Many had repeatedly failed to comply with basic standards and shown little improvement between reports.

Watts was a supporter of mandatory data breach reporting but said it must not be uniformly applied. While it would threaten service providers with "astonishing reputational damage", it could shake public confidence in the police service.

"I would be loathe to suggest that Victoria Police report every data breach because it could result in a potential loss of public confidence or could give people an idea of what Victoria Police's vulnerabilities are."

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

The channel is a juicy hacking target - are you improving security?
YES - recent attacks on MSPs spurred us to action
YES - we're ALWAYS improving our security stance
YES - we've noticed new forms of attack
NO - we're confident our past efforts are enough, but are always vigilant
NO - we don't see the need for change at this time
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?