publication in the international journal sangeetha

www.ijcsit-apm.com International Journal of Computer Science & Information Technology 1

IJCSIT, Vol. 2, Issue 2 (April, 2015) e-ISSN: 1694-2329 | p-ISSN: 1694-2345

SECURING PERSONAL INFORMATIONIN THE CLOUD IN AUSTRALIA

Sangeetha M KannuchamyQueensland University of Technology, Australia

[email protected]

Abstract- Today, internet plays an important role in the major

parts of the world. Cloud computing which is the latest technologyprovides a lot of services to the users via the internet. Anybodycan access any kind of information all around the world using aninternet connection. For example (a) sending and receiving email(b) Google talk (c) Google Apps etc. Now to start with the mainpoint for discussion, Is it sure whether the data that is the personalinformation which is stored (or) transferred via the cloud issecured in Australia? I can say that the data stored (or) transferredvia the cloud are not secured and there is still breach of anypersonal information occurs via the cloud in Australia. I can alsosay that the answer to the above questions as no, why because tillnow we have a lot of problems that had occurred due to thestorage (or) transfer of the personal information via the cloud inAustralia. The main problem that could occur might be due to themalicious breach of the personal information which might be dueto a hacker attack. Ok, what will happen if the personalinformation is hacked in the cloud in Australia? Actually it canlead an individual’s life to a real risk of serious harm for thepeople in Australia. The hackers can blackmail the individual notonly to make money out of it, but also can lead the individual’slife under a real risk of serious harm in the cloud in Australia.Therefore, what can be done in order to safeguard the life of theaffected individual in the cloud in Australia? Hence, my researchtakes positive steps in order to safeguard the life of the affectedindividual from the real risk of serious harm to their lives, byproviding severe punishment against the person who had engagedin personal information breach apart from providing payment ofcompensation as their lives were put under real risk of seriousharm apart from the affected individual’s privacy in the cloud inAustralia.

Index Terms- Cloud Computing, Hacking, Mandatory Law,

Personal Information, Security, Severe Punishment.

I. INTRODUCTIONIntroduction of the mandatory personal information

breach law in the cloud in Australia for providing severepunishment under law apart from providing compensationin order to avoid a real risk of serious harm to the individualwhile securing the personal information in the cloud inAustralia. The main concepts and their definitions in myliterature are as follows Agency, AGD, ALRC, ATO,Business, Cloud Computing, Data Breach, Data BreachNotification, Data Security, Identity Theft, OAIC,Organization, Personal Information, Security Breach.

Fig. 1 Example diagram for Securing Personal Information using CloudComputing in Australia

A. AgencyAgency means an Australian Government Department.

B. AGDAttorney-General’s Department.

C. ALRCAustralian Law Reform Commission.

D. ATOAustralian Taxation Office.

E. BusinessA Business is one which takes the main responsibility of

protecting the customer records under its own custody inthe view of securing the personal data in the cloud.

F. Cloud ComputingCloud Computing offer users for on demand access to

scalable information technology capabilities and servicesthat are provided via internet based technologies which isbeing completely managed by the service provider.

G. Data BreachData Breach is any personal information held by an

agency or an organization which is subjected to anyunauthorized access, disclosure or misuse.

H. Data Breach Notification





[email protected]























[email protected]



















International Journal of Computer Science & Information Technology 2 . www.ijcsit-apm.com

Data Breach Notification actually refers to a legalrequirement used to provide notice to the affected personswhen certain kind of personal information is misused by theunauthorized persons.

I. Data SecurityData Security is the main key concern when we consider

the use of the IT resources as it may lead to significant riskor damage to the life of the individual that uses the cloud.

J. Identity TheftIdentity Theft is defined as one person impersonating

another for the purpose of obtaining benefit and the peopleaffected by this may be under a real risk of serious harm totheir life.

K. OAICOffice of the Australian Information Commissioner.

L. OrganizationOrganization means all business, non government

organizations and all health care provider.

M. Personal InformationPersonal Information is actually an individual’s first name

or first initial and his or her last name in combination withany one or both of the following data elements, when eitherthe name or the data elements are not encrypted.

Driver’s license number. Bank account number, credit or debit number in

combination with any security code or passwordthat provides access to the individual’s financialaccount.

N. Security BreachSecurity Breach is defined as the loss or theft of the

device such as laptops and the storage media such as thedisks or the USB drives which could contain the sensitivepersonal information in the cloud.

II. RELATED WORKA. Cloud Computing

The three main basic model for cloud computing are IaaS,PaaS and SaaS. IaaS provides hardware devices forcustomers used for storage, network and acts as the virtualdata centre for the cloud. The next model is the PaaS whichis responsible for installing the software assets such asoperating systems, backup systems, developmentenvironments or platforms, databases, data storage anddedicated or virtual servers. The last model is the SaaSwhich is responsible for scalability, cost and simpleintegration where users use only the web browser to interactwith systems in the cloud in Australia. All these cloudcomputing technologies are used to save, manage and

control data remotely that are stored in unknown places indistance from the enterprises’s geographic location.

Fig. 2 Example diagram for Basic Model for Cloud Computing.

The deployment model for cloud computing consists offour models. They are public cloud, private cloud, hybridcloud and community cloud models. The first model publicis deployed by the provider and it is open for all thecustomers using internet. In Contrast is the private modelwhich is the second deployment model used to providecloud services only to specific customers. The third modelhybrid is a mixer of both the public cloud model and theprivate cloud model. It allows its customers to utilize someof the cloud services privately for their clients and theirlocal systems. The last deployment model is the communitymodel used for providing its services only to a group ofcompanies.

Fig. 3 Example diagram for Deployment model for Cloud Computing

B. The Main Advantages of Cloud Computing Are asFollows

Scalability

Flexibility

Affordability

Maintainability

Universal File Access

Lower CostsThough cloud computing technology has several

advantages there are several threats that could affect theevolution of cloud computing.

The four main challenges while choosing cloudcomputing can be categorized into four groups such astechnical, organizational and its policies, legal and























Scalability

Flexibility

Affordability

Maintainability



























Scalability

Flexibility

Affordability

Maintainability






miscellaneous risks while securing personal information inthe cloud in Australia. Hence my own way ofmethodology of research will provide solution for thecurrent problem for the personal information breach in thecloud in Australia. I have prepared the examples of variousincidents that had occurred due to the breach of the personalinformation in the cloud in Australia.

C. Examples1) Telstra Corporation Limited (Telstra): In the Telstra

Corporation Limited, the mailing list error had occurredwhich resulted with approximately 60,300 Telstracustomer’s personal information being sent to othercustomers being mailed out. It seemed that the occurrenceof this problem was due to an employee by mistake hadused wrong data table and because of this the wrongmailing list has been recorded in the mailing list which hadresulted in the breach of the personal information in thecloud in Australia. This incident had happened due to ahuman error and hence the mail out was stoppedimmediately to solve the problem of the personalinformation breach and by the way safeguarding the life ofany individual in the cloud in Australia.

2) Medvet Science Pty Ltd: Medvet Science Pty Ltd hasbreached the personal information in the Google cachewhich contained the billing and the shipping address detailsapart from the service order details. Once the report hadbeen prepared by the Deloitte, it stated that the accessibilityof the address information was actually the breach of thepersonal information in the cloud in Australia which wasnot permitted and hence the Medvet had committed thebreach of its customer details. As Medvet did not hadsufficient level of security in place to protect the personalinformation in the cloud therefore it led to a real risk ofserious harm to the life of any individual in Australia.Hence I can say that Business must make sure that it has theappropriate privacy and security measures to confirm thattheir systems are secured enough to safeguard the life ofany individual in the cloud in Australia.

3) Vodafone Hutchison Australia: Vodafone HutchisonAustralia’s personal information had been compromised inthe cloud via the internet in Australia. Vodafone’s Businesshad collected the identity information from the customersfor the complete 100 pt ID verification checks in order tocomply with the obligations.

For example, if it is in the case of the passports, thedocument number and its expiry date were available to allthe authorized users. From the above incident, I can say, itis very clear that the identity theft could play a real risk ofserious harm to the life of an individual if the personalinformation is breached but fortunately in the above caseonce the Vodafone had become aware of the disclosure ofthe personal information it had acted immediately to

prevent any unauthorized access of the personalinformation in the cloud in Australia.

4) First State Super Trustee Corporation: In FSS (FirstState Super Trustee Corporation) an unauthorized personhad purposely accessed the secured section of the FSS’swebsite and had downloaded the personal informationbelonging to the 568 FSS members. But it seemed that themember’s personal information was not actually publishedto the general public for accessing and was published onlyto the members of the FSS. It was found that the personalinformation which was downloaded contained themember’s name and their addresses, the details of thesuperannuation, account transactions, balances and the ageof the members. Now, from the above incident, I state thatthe personal information breach has been addressed by theFSS and which implemented the security measures to solvethe problem of the breach in order to safeguard the life ofany individual via the internet in the cloud in Australia.

5) Sony Playstation Network: A media report about theSony Playstation Network told that the individual’s names,addresses and the other personal datas including the creditcard details which had been compromised due to a cyber

Fig. 4 Example diagram for Sony Playstation Network Hacked

attack which had been compromised due to a cyber attackthough it had a wide range of security in place. Hence, Icould say that the above incident which had occurred due tothe cyber attack made the breach of the personalinformation in the cloud in Australia and which was nowstopped by means of following the extra security measureswhich will surely safeguard the life of any individual in thecloud in Australia.

6) The Professional Services Review Agency: TheProfessional Services Review Agency (PSR) holds theMedicare Benefits Program (MBP) and the PharmaceuticalBenefits Program (PBP) claims information within thesame database for an indeterminate time and in anunsecured manner. Because of this problem, the PSR wasnot complying with the obligations relating to the wayclaims information and the personal identifying informationmust be handled by the Australian Government Agencies


when stored in the databases. Finally, in order to solve thisproblem PSR followed the secured manner of separating thedatabases into two and also with the limited retentionperiods and by the way safeguarding the life of anyindividual in Australia. Hence, I could say that there mustbe proper security in place to safeguard the personalinformation in the cloud in Australia.

7) Dell Australia: In Dell Australia, an employeeunintentionally made the malware installed and the attackergained access to the personal information on the databasewhich actually seemed to be a malicious attack. From theabove incident, I could say that appropriate measures weretaken at the right time to solve the personal informationbreach by improving the security system measures and bythe way solving the problem of the personal informationbreach in the cloud and hence safeguarding the life of anyindividual in the cloud in Australia.

Fig. 5 Example diagram for Dell Australia

III. RESEARCH ELABORATIONSMy Methodology of Research will follow all the

procedures as follows for solving the current problem of thepersonal information breach in the cloud in Australia.

Checking if all the computers are updated with thelatest version of the antivirus so that the intrudersusing the malware can never access the personalinformation in the cloud via the internet inAustralia.

Finding out what are all the personal informationdo an agency or an organization requires from anyindividual in the cloud in Australia.

Finding out how much sensitive is the personalinformation that is involved in the breach in thecloud in Australia.

Checking if this personal information in the cloudbe used by anyone to misuse and by the wayleading them to a real risk of serious harm to thelife of any individual in the cloud in Australia.

Calculating how many number of people areaffected by the personal information breach in thecloud in Australia.

Table I Nature And Its Percentage Of The Most Recent Internet SecurityIncidents In The Organization In 2014 In The Cloud In Australia

Nature of the most recentinternet security incidents inthe organization in the cloud inAustralia

Percentage of various kindsof attacks in the cloud inAustralia

Virus Attack 45%

Malware Attack 18%

Internal Breaches 27%

Cyber criminals 9%

Others 1%

For example, the above Table 1 shows the nature and itspercentage of the most recent internet security incidents inthe organization as per the Cyber Security Report 2014 inthe cloud in Australia.

On the whole, it shows four categories of the internetsecurity incidents as problems while securing the personalinformation breach in the cloud in Australia. Initially theVirus Attack is the highest attack of all the four attacksshowing 45% of the total percentage caused due to theopening of the rogue emails by employees causing deletionof data/corruption of critical data/drastic decrease innetwork performance/breakdown in critical infrastructure.In Contrast, the lowest attack is due to the Cyber criminalsshowing only 9% of the overall percentage. Whereas finallythe Internet Breaches and the Malware Attack varies inbetween the Virus Attack and the Cyber criminals attack for27% and 18% respectively caused by malicious employeeswho intentionally did not comply with the IT Security rulesand others for the remaining 1% of the overall percentage.Hence all these above recent internet security incidents hasto be stopped for protecting personal information in thecloud in Australia by following my own way ofmethodology of research given in the five points aboveTable 1 in the aspect that all the computers must be updatedwith the latest antivirus version, protecting only therequired personal information in the cloud, considering thesensitivity nature of the personal information in the cloudinvolved in the breach, analyzing the risks associated withthe storage of the personal information in the cloud and thenumber of people affected by the personal informationbreach in the cloud in Australia.

Finding out what are the actions taken by theagency or organization to secure the personalinformation in the cloud in Australia.


Checking whether a proper compliance andmonitoring plan is being followed by theorganization in order to avoid the personalinformation breach in the cloud in Australia.

Finding out whether the agency or organizationregularly reviewing the information security stepsor measures in order to avoid the personalinformation breach in the cloud in Australia.

Fig. 6 Example diagram for Protection of Personal Information Lifecyclein the cloud in Australia

Hence the personal information lifecycle mentioned in theabove diagram is used for securing the personal informationin the cloud in Australia by following my own way ofmethodology of research given in the three points above theinformation lifecycle diagram in the aspect that finding outwhat are the actions taken by the agency or theorganization to secure the personal information in the cloudby the way of collecting and holding the required personalinformation and destroy or de identify it when it is nolonger required, checking whether a proper compliance andmonitoring plan is being followed by the way of embeddingprivacy protections in order to avoid the personalinformation breach in the cloud and finding out whether theagency or the organization regularly reviewing theinformation security steps by taking appropriate steps andputting into place strategies in order to protect the personalinformation in the cloud in Australia.

Checking what are the actions taken by the agencyor the organization to minimize the harm to anyindividual arising from the personal informationbreach in the cloud in Australia.

Checking whether police investigation is done inthe matter of the personal information breach inthe cloud in Australia.

Checking if the Commissioner has taken anydetermination for providing severe punishmentunder law against the person who had engaged in

personal information breach in the cloud apartfrom providing payment of compensation to thelife of any individual as individual’s life was putunder a real risk of serious harm in the cloud inAustralia.

Finally, checking if the above determination canbe enforced by the Federal Court or FederalMagistrates Court in the cloud in Australia.

Table II Shows The Action Taken By The Agency, Year, Costs ForInvestigating And Prosecuting Identity Crime For Personal Information

Breach ($M)

Action by theAgency

Year Costs for investigatingand prosecutingidentity crime forpersonal informationbreach ($m)

Australian FederalPolice 2010-2011 $4.8

State Police 2012-2013 $33.8

State Courts 2011-2012 $24.8

The estimation given in the Table 2 are based on theassumption that a single identity crime case costs StateCourts and Police $3,000 per incident as a rough estimateof investigating and prosecuting identity crime for personalinformation breach in the cloud in Australia. First to startwith, the Australia Federal Police had taken action in theyear 2010-2011 and the estimated costs for investigatingand prosecuting identity crime for personal informationbreach was $4.8 in the cloud in Australia. Secondly, theState Police had also taken action against the identity crimefor the personal information breach in the year 2012-2013and the estimated costs for the action taken by the StatePolice was around seven times greater than the estimatedcosts for the action taken by the Australian Federal Policewhich was around $33.8 in the cloud in Australia. Finally,the State Courts had also taken action in the year 2011-2012and the estimated costs for the action taken by State Courtsfor the identity crime for the personal information breachwas around five times greater than the estimated costs forthe action taken by the Australian Federal Police which wasof $24.8 in the cloud in Australia.

For example, Table 2 shows the action taken by thevarious agencies for securing the personal information inthe cloud in Australia by following my own way ofmethodology of research given in the first two points aboveTable 2 in the aspect that checking what are the actionstaken by the various agencies such as Australian FederalPolice and State Courts for the purpose of minimizing harmto any individual arising from personal information breach












Breach ($M)

Action by theAgency



State Police 2012-2013 $33.8

State Courts 2011-2012 $24.8














Breach ($M)

Action by theAgency



State Police 2012-2013 $33.8

State Courts 2011-2012 $24.8




in the cloud by the way of investigating, prosecuting andfinding the person who was the reason for the identity crimethrough Australian Federal Police and State Courts for thepersonal information breach in the cloud and also checkingwhether police investigation is done in the matter for thepersonal information breach in the cloud by the way ofinvestigating, prosecuting and finding the person throughpolice who was the reason for personal information breachin the cloud in Australia. Also the recently enacted lawfrom March 2014, states that Commissioner has all thepowers to seek Court order against the person who hadengaged in conduct that had broken the law and also forproviding civil penalty orders against that person whenindividual’s personal information had been compromisedaffecting his/her privacy in the cloud in Australia.

My own way of methodology of research given in the lasttwo points above Table 2 will check if the Commissionerhas taken any determination for which new law must beenacted for providing severe punishment under law againstthe person who had engaged in personal information breachin the cloud in Australia apart from providing payment ofcompensation to the life of any individual for solving thecurrent problem of personal information breach in the cloudas individual’s life was put under a real risk of serious harmin the cloud apart from affecting the privacy of anyindividual and also finally checking if the abovedetermination can be enforced by the Federal Court or theFederal Magistrates Court in the cloud in Australia.

IV. CURRENT STATE OF THE PROBLEM,RESULTS AND ITS FINDINGS

Recently new law has been enacted from March 2014,which states that Commissioner has all the powers to seekCourt order against the person who had engaged in conductthat had broken the law and also for providing civil penaltyorders against that person when individual’s personalinformation had been compromised affecting the his/herprivacy in Australia.

Inspite of the new law enacted for the current state of theproblem, I state that my objective will be to provide severepunishment under law for which new law must be enactedfor providing severe punishment apart from providingpayment of compensation to the life of any individual forsolving the current problem of the personal informationbreach in the cloud as individual’s life was put under a realrisk of serious harm apart from affecting the privacy of anyindividual in the cloud in Australia.

A. I Have Framed the Following Theories for Solving theCurrent Problem for the Personal Information Breach inthe Cloud in Australia.

My first theory states that the risks associated withthe personal information breach arises in the cloudwhen the personal information is leaked,improperly discarded or gets into the wrong handswhich can lead the individual lives under a realrisk of serious harm in the cloud in Australia.

Nowadays the agencies and the organizations arestoring a large amount of individual’s identifyinginformation electronically. Hence my secondtheory states that this kind of personal informationneeds to be secured because of the reason that, ifany breach of this personal information occurs viathe cloud, then it may be a sufficient one to allowan unauthorized person, to put the individual’s lifeinto a real risk of serious harm in the cloud inAustralia.

According to my third theory which states thatappropriate security for the personal informationmust be available in the cloud for anybody storingor moving those sensitive personal information viathe cloud in Australia.

Further my fourth theory which states that theremust be an appropriate notice to the person towhom the breach of the personal information hadoccurred, with a warning stating that their personalinformation has been compromised via the cloudand by the way taking the right action to protectthe individual from a real risk of serious harm totheir lives in the cloud in Australia.

Furthermore my fifth theory states that the lawrelating to the personal information stored in thecloud still remains underdeveloped in the cloud inAustralia and which needs to be developedproperly in order to protect the lives of theindividuals due to the breach of the personalinformation in the cloud in Australia.

Also my sixth theory states that the law needs tobe developed for the current problem in the aspectthat severe punishment must be provided underlaw apart from providing payment ofcompensation to the affected individual as theirlives were put under a real risk of serious harmapart from affecting the privacy of any individualin the cloud in Australia.

B. My Aims and Objectives Are the Following ResultingWays for Solving the Current Problem of the PersonalInformation Breach in the Cloud in Australia.

1) To Stop the Scam Emails: The scam emails had


circulated around the world via the internet in the cloud.For example, the incident that had happened in AustralianTaxation Office (ATO) clearly shows that the emailspretend to come from the ATO. But truly it is not. Itactually linked to a bogus ATO website asking for thepersonal details. By this incident, I can say that by means ofusing this personal information there are more chances forthe individuals to lead their life under a real risk of seriousharm. Hence I could say that by stopping these scam emailsby using the spam filters which will safeguard theindividuals without the breach of the personal informationin the cloud in Australia.

Fig. 7 Example diagram for Australian Taxation Office logo

2) To Stop the Collection of Unnecessary Informationfrom the Individuals in the Organization: Organizationsmostly collect the information about an individual includingthe personal information. The poor management of thiskind of the personal information can put any individual to areal risk of serious harm. Hence, according to my objective,I state that any organization must only collect theinformation that it needed for its function in the cloud inAustralia.

Fig. 8 Example diagram for Importance of Cloud Computing Security inthe cloud in Australia

3) To Provide Proper Awareness to the Organizationor

Agency About the Risk Caused Due to the Breach of thePersonal Information: Usually the organization might notbe in a position to fix the serious harm that could be causeddue to the breach of the personal information. In thisproblem, I state that my objective would be to provide theappropriate awareness to the organization or the agencyabout the risk that any individual might face which could becaused due to the breach of the personal information in thecloud in Australia.

Fig. 9 Example diagram for Providing proper awareness to theorganization regarding the risk for protecting Personal Information in thecloud in Australia

4) To Stop the Mail Out Due to a Human ErrorGetting

into the Wrong Hands: I state that the mail out due to ahuman error needs to be stopped as the personalinformation may get into the wrong hands due to a humanerror which could create real risk of serious harm to the lifeof any individual in the cloud in Australia.

5) To Stop the Organization or the Agency fromUndersupplying Notification: If an organization is facingthe problem of the breach of the personal information in thecloud and if the security breach is large then the notificationmight not only result in the negative impact but also formarket damage to the organization including thereputational damage, lost customers and lost future profits.Also the organization will only notify the customers if it islegally required to do so as the cost of notifying theindividuals will be more than the cost caused by the actualbreach. And if suppose in the absence of any legalrequirement the organization will usually undersupply thenotification to the individual whose personal informationhad been compromised which can lead an individual lifeinto a real risk of serious harm. Hence I can say that thisneeds to be stopped to save the life of any individual in thecloud in Australia.

Fig. 10 Example diagram for Breach Notification for the PersonalInformation in the cloud in Australia

6) To Report the Notification of the Exact Numberof Personal Information Breaches: In reality manyAustralian companies are suffering from the personalinformation breaches in today’s world. The problem here isthat the number of reports are dropping and so because ofthis there are more chances for the occurrence of the seriousharm that could affect the life of any individual due to thebreach of the personal information in the cloud. So, myobjective states that the number of reports related to thepersonal information breach must be done accurately in thecloud in Australia.




























Fig.11 Example graph for the exact number of reports breached in thecloud

7) To Improve the Security Steps to Safeguard thePersonal Information in the Cloud: I state that theappropriate security steps are required to be taken which isof the latest technology to safeguard the personalinformation in the cloud and by the way safeguarding thelife of any individual in the cloud in Australia.

Fig. 12 Example diagram for Importance of Cloud Computing Security forthe Personal Information Breach in the cloud in Australia

8) To Inform the Police to Safeguard the Individual’sLife: According to my next objective, I state that because ofthe breach of the personal information in the cloud once thevictim was found by the police who was blackmailing theindividual, the police can take the necessary action to savethe individual’s life from the problem that had occurred dueto the breach of the personal information in the cloud inAustralia.

Fig. 13 Example diagram for Australian Federal Police Association

9) To Inform the Privacy Commissioner, OAIC and

the Affected Individuals: In general, my objective states thatthe affected individuals, Privacy Commissioner and theOAIC needs to be notified of the breach of the personalinformation to save the individual’s life from the real risk ofserious harm in the cloud in Australia.

Fig. 14 Example diagram for Office of the Australian InformationCommissioner logo

10) To Introduce the Mandatory Law for ProvidingSevere Punishment for Personal Information Breach in theCloud in Australia: Apart from all the above objectives thatI have mentioned in all the above points, I could say thatmy main objective is to introduce the mandatory law for thepersonal information breach for providing severepunishment apart from providing payment of compensationto the affected individual as their lives were put under areal risk of serious harm apart from affecting the privacy ofany individual for solving the current problem in the cloudin Australia.

Fig. 15 Example diagram for Australian Law Reform Commission logo

V.CONCLUSIONHence, my research says that there needs to be

compulsorily an introduction of the mandatory law similarto the law in Russia for the current problem for the personalinformation breach in the cloud as the breach of thepersonal information not only affects the privacy of anindividual but can also allow any unauthorized person toblackmail (or) impersonate the individual which can lead toa real risk of serious harm to their lives apart from themonetary loss that they had faced and also need to beseverely punished under law through the court apart fromproviding payment of compensation once after the victimwho was the reason for this was found by the police in thecloud in Australia.

REFERENCES[1] (2015) OAICwebsite. [Online]. Available: http://www.oaic.gov.au/

privacy/privacy-resources/privacy-guides/guide-to-securing-personal-information

[2] P. Mell and T. Grance, “The NIST Definition of Cloud Computing”,National Institute of Standards and Technology, United States, Tech.Rep. 800-145, 2011.

[3] (2010) OAICwebsite. [Online]. Available: http://www.oaic.gov.au/news-and-events/media-releases/privacy-media-releases/oaic-finalises-investigation-into-telstra-mailing-list-error

[4] (2012) OAICwebsite. [Online]. Available: http://www.oaic.gov.au






































/privacy/applying-privacy-law/commissioner-initiated-investigation-

reports/medvet-science-pty-ltd-own-motion-investigation-report[5] (2011) OAICwebsite. [Online]. Available: http://www.oaic.gov.au/privacy/applying-privacy-law/commissioner-initiated-investigation-

reports/vodafone-hutchison-australia[6] (2012) OAICwebsite. [Online]. Available: http://www.oaic.gov.au/privacy/applying-privacy-law/commissioner-initiated-investigation-

reports/first-state-super-trustee-corporation-own-motion-investigation-report[7] (2011) [Online]. Available: http://www.smh.com.au/digital-life/games/playstation-hacking-scandal-police-chief-says-contact-your-bank-now-

20110427-1dvts.html[8] (2011) OAICwebsite. [Online]. Available: http://www.oaic.gov.au/privacy/applying-privacy-law/commissioner-initiated-investigation-

reports/professional-services-review-agency[9] (2012) OAICwebsite. [Online]. Available: http://www.oaic.gov.au/privacy/applying-privacy-law/commissioner-initiated-investigation-

reports/dell-australia-and-epsilon[10] (2015) [Online]. Available: http://www.mailguard.com.au/blog/[11] (2014) OAICwebsite. [Online]. Available: http://www.oaic.gov.au/images/documents/privacy/applying-privacy-law/app-guidelines/APP_guidelines_complete_version_1_March_2014.pdf

[12] D. Ristevski,“Telstra Cyber Security Report 2014”Australia, 2014.[13] (2015) OAICwebsite. [Online]. Available: http://www.oaic.gov.au/images/documents/privacy/privacy-resources/privacy-guides/Guide_to_securing_personal_information.pdf[14] IdentitySecurityBulletin(2), Attorney-General’s Department, 2014.[15] (2013) [Online]. Available: http://www.ipsec.com.au/blog/Privacy-legislation-update/[16] (2014) ATOwebsite. [Online]. Available: https://www. ato.gov.au/general/online-services/online-security/recognising-and-avoiding-tax-

scams-and-fraud/examples-of-tax-related-scams/refund/phishing-scams/[17] (2015) OAICwebsite. [Online]. Available: http://www.oaic.gov.au/privacy/privacy-resources/privacy-guides/guide-to-securing-personal-

information[18] (2015) OAICwebsite. [Online]. Available: http://www.oaic.gov.au/privacy/privacy-resources/privacy-guides/guide-to-securing-personal-

information[19] (2010) OAICwebsite. [Online]. Available:

http://www.oaic.gov.au/news-and-events/media-releases/privacy-media-releases/oaic-finalises-

investigation-into-telstra-mailing-list-error[20] (2014) OAICwebsite. [Online]. Available: http://www.oaic.gov.au/images/ documents/privacy/privacy-resources/privacy-guides/data-breach-

notification-guide-august-2014.pdf[21] (2014) [Online]. Available: http://www.oaic.gov.au/privacy/privacy-resources/privacy-guides/data-breach-notification-a-guide-to-handling-

personal-information-security-breaches#step-3-notification[22] (2014) OAICwebsite. [Online]. Available: http://www.oaic.gov.au/privacy/privacy-resources/privacy-guides/data-breach-notification-a-

guide-to-handling-personal-information-security-breaches[23] (2014) OAICwebsite. [Online]. Available: http://www.oaic.gov.au/privacy/privacy-resources/privacy-guides/data-breach-notification-a-

guide-to-handling-personal-information-security-breaches[24] (2014) OAICwebsite. [Online]. Available: http://www.oaic.gov.au/privacy/privacy-resources/privacy-guides/data-breach-notification-a-

guide-to-handling-personal-information-security-breaches[25] (2014) [Online]. Available:

http://www.lexology.com/library/detail.aspx?g=c60ebe0e-fd4f-4a26-a6ab-177a08a152b4[26] K. Andreeva, V. Strizh and B. Zimbler, Morgan, Lewis and Bockius,“Getting the Deal Through”Data Protection and Privacy 2015,

[Online]. Available: http://www.morganlewis.com/pubs/GTDT_DataProtection2015_Russia.pdf

AUTHORSangeetha M Kannuchamy

B.E in Computer Science and Engineering.

E-mail address: [email protected]

publication in the international journal sangeetha

Education