The risks of data hoarding and the Data Retention Bill

“To my knowledge we have had no data breaches,” stated Tim Morris at the Tech Leaders conference in the Blue Mountains west of Sydney last Sunday.

An old truism in the IT industry is ‘there are two types of computer user; those who have lost data and those who will’. The same could be said of organisations: there are those who have had a data breach and those who will; which is why Assistant Commissioner Morris of the Australian Federal Police was hedging his bets on whether his organisation had been hacked.

Morris, responsible at the AFP for High Tech Crime Operations, was explaining the controversial Data Retention Bill currently before the nation’s Parliament which will require telecommunications companies to keep customers’  connection details – considered to be ‘metadata’ – for two years.

The bill is fiercely opposed by Australia’s tech community, including this writer, as it’s an expensive and unnecessary invasion of privacy that will do little to protect the community but expose ordinary citizens to a wide range of risks.

One of those risks is that of the data stores being hacked, a threat that Morris downplayed with some qualifications.

As we’re seeing in the Snowden revelations, there are few organisations that are secure against determined criminals and the Australian Federal Police are no exception.

For all organisations, not just government agencies, the question about data should be ‘do we need this?’

In a time of ‘Big Data’ where it’s possible to collect and store massive amounts of information, it’s tempting to become a data hoarder, which exposes managers to various risks, not the least that of it being stolen by hackers. It may well be that reducing those risks simply means collecting less data.

Certainly in Australia, the Data Retention Act will only create more headaches and risks while doing little to help public safety agencies to do their job. Just because you can collect data, doesn’t mean you should.

For businesses it’s worthwhile considering whether you’re storing much information on your staff and customers, and whether pushing up the price of internet access is what we expected from a government that promised to reduce red tape and make Australia open for business.