Data retention acceptable as long as security, access managed: survey

Rising concerns about terrorist threats on Australian soil have increased the acceptability of data-retention proposals to citizens but the majority favour tight controls over its use, according to a recent survey of Australians' attitudes to cybersecurity.

Fully 64 percent of respondents to a survey by consulting firm Protiviti said they support the government's efforts to force telecommunications companies to retain data related to customer communications for up to two years.

The majority, however, favoured strict controls on access to this data, including the requirement that authorities require a court warrant for access – favoured by 78 percent of respondents. Some 88 percent said warrant-less access would only be acceptable in high-risk national security investigations such as terrorism cases (88 percent of respondents) or to serious crimes involving physical or community harm, such as murder or paedophilia (66 percent).

“Retaining customer ‘metadata’ can amount to a significant privacy incursion as it can reveal a great deal about a person’s movements, relationships and day to day lives,” Protiviti managing director Mark Harrison said in a statement.

“Ultimately, they believe that the best way to balance these opposing and competing interests is to ensure law enforcement and intelligence agencies receive Court authorisation through a warrant, before they can access the information.”

Recent figures confirm that Australian authorities are moving to access personal data with increasing regularity: Telstra's latest transparency report, for example, found that the volume of law-enforcement agencies' requests for metadata had increased 9 percent from 2012 to 2013.

The Protiviti survey, however, revealed broad concerns that increased retention of data would create new security risks from the concentration of personally identifiable information (PII). Some 62 percent of those Protiviti respondents believed the creation of PII repositories would lead to an increase in targeted hacking and cybercrime activity, and 87 percent believed companies needed to meet specific security standards to protect such data.

Harrison also noted the contradictory messages being sent by the government – which on the one hand encouraged retention of PII for as short a period of time as possible to minimise the security risk, and on the other was now pushing for broader retention of such data.

“There's no doubt companies are in a difficult situation with government policies appearing to be sending out mixed messages,” he said. “Many companies are concerned that the vast stores of information created by these measure will act as a 'honeypot' for cybercriminals on the hunt for easy targets.”

Read more: OAIC data breach guidelines emphasise importance of notification

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Join the CSO newsletter!

Error: Please check your email address.

Tags Australians' attitudescybersecurityterrorist threatsdirectors for CSO Australiapersonally identifiable information (PII)Mark Harrison (Protiviti MD)CSOcybercriminalslaw-enforcement agenciesTelstraProtivitiEnex TestLabtelecommunications companiessecurityhigh-risk national securitygovernment policiesTransparency reportmetadatadata retentionsecurity risksCSO Australia

More about CSOEnex TestLabProtiviti

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts