Friday, 11 January 2008

Finance System Security

Because financial servers store sensitive information, a company that does not patch these systems and take adequate care and diligence to ensure their integrity is meeting neither the Tax File Number Guidelines issued under s.17 of the Privacy Act 1988 nor the provisions of NPP4 (National Privacy Principles).

The Guidelines are legally binding. A breach amounts to an interference with the privacy of an individual, who may complain to the Privacy Commissioner and, where appropriate, seek compensation. It is also possible that criminal charges could be laid in severe cases of a resulting breach.

A failure to adequately ensure the integrity of records and data of financial transactions is a breach of S286 of the Corporations Act (Cth) 2001.

The Electronic Transactions Act (Cth) 1999 defines integrity of information contained in a document to be maintained if, and only if, the information has remained complete and unaltered. The onus of proof is on the company that maintains these records. A failure to maintain data integrity is subsequently a breach of S286 (prior) and is a Strict Liability Offence (see S 6.1 of the Cth Criminal Code).
