research proposal k.m.sangeetha
RESEARCH PROPOSAL
CONTENTS
Introduction
Proposed Title
Preliminary Literature Review
Research gap and problem
Current state of the problem
Aims and Objectives
Research Methodology and Approach
Research Timeline
Conclusion
Prepared by K.M.Sangeetha
Introduction:
Today, the internet plays an important role in most parts of the world. Cloud
computing, which is the latest technology, provides a lot of services to users via the
internet.
Anybody can access any kind of information all around the world using an internet
connection, for example: (a) sending and receiving email, (b) Google Talk, (c) Google Apps,
etc.
Now, to start with the main point for discussion:
Is the data, i.e. the personal information, which is stored (or)
transferred via the cloud secure in Australia?
I can say that the data stored (or) transferred via the cloud is not secure and that
breaches of personal information still occur via the cloud in Australia.
I can also say that the answer to the above question is no, because until now
a lot of problems have occurred due to the storage (or) transfer of
personal information via the cloud in Australia.
The main problem that could occur might be a malicious breach of
personal information, which might be due to a hacker attack.
What will happen if personal information is hacked in the cloud in Australia?
It can put an individual’s life at a real risk of serious harm for people in
Australia.
Hackers can blackmail the individual, not only to make money out of it, but in a way that
can also put the individual’s life under a real risk of serious harm in Australia.
Therefore, what can be done in order to safeguard the life of the affected individual in
Australia?
My research takes positive steps to safeguard the affected
individual from the real risk of serious harm to their life, by providing for severe
punishment apart from compensation, as their life was put under a real risk of serious
harm apart from the effect on the affected individual’s privacy in Australia.
Proposed Title:
Securing the personal information in the cloud: Introduction of the mandatory
personal information breach law in Australia in order to avoid a real risk of serious harm
to the individual while securing the personal information in the cloud.
Preliminary Literature Review:
The main concepts in my literature and their definitions are as
follows:
Agency
ALRC
Business
Cloud computing
Data Breach
Data Breach Notification
Data security
Identity theft
OAIC
Organization
Personal Information
Security breach
Agency:
Agency means an Australian government department.
ALRC:
Australian Law Reform Commission.
Business:
A business is an entity which takes the main responsibility for protecting the customer
records in its own custody, with a view to securing personal data in the
cloud.
Cloud computing:
Cloud computing offers users on-demand access to scalable information
technology capabilities and services that are provided via internet-based
technologies and are completely managed by the service provider.
Data breach:
Data breach means that personal information held by an agency or an
organization is subjected to unauthorized access, disclosure or misuse.
Data breach Notification:
Data breach notification refers to a legal requirement to provide
notice to the affected persons when certain kinds of personal information are
misused by unauthorized persons.
Data security:
Data security is the key concern when we consider the use of IT
resources, as it may lead to significant risk or damage to the life of the individual
who uses the cloud.
Identity theft:
Identity theft is defined as one person impersonating another for the purpose of
obtaining a benefit and the people affected by this may be under a real risk of
serious harm to their life.
OAIC:
Office of the Australian Information Commissioner
Organization:
Organization means all business, non-government organizations and all the
health care providers.
Personal Information:
Personal information means an individual’s first name or first initial and
his or her last name in combination with any one or both of the following data
elements, when either the name or the data elements are not encrypted:
Driver’s license number
Bank account number, credit or debit number in combination with any
security code or password that provides access to the individual’s
financial account.
Security breach:
Security breach is defined as the loss or theft of devices such as laptops and
of storage media such as disks or USB drives which could contain
sensitive personal information in the cloud.
Research gaps and problems:
My literature attempts to address the gaps and problems below, which occur
when personal information has been stolen via the internet in the cloud
and which could create a real risk of serious harm to the life of any Australian.
Why do Australians fear using online financial services to transfer their
personal information via the internet in the cloud, which is a major gap?
Why does Australia lack a law on notifying an individual of a breach,
a major gap when a personal information breach occurs?
Why are scam emails still circulating, as a major problem in the cloud in
Australia?
Do organizations collect only the information about an individual that they need for
their functions in Australia?
What is the reason behind organizations lacking proper
awareness of the risks that will be caused by a personal information
breach in Australia?
Why do organizations need to improve their security measures, an existing gap
in the cloud in Australia?
Why do small organizations not recognize failures in security
protection, an awareness issue which is the major gap while securing personal
information in the cloud in Australia?
Why do small organizations not use standards to drive practice in order to fill
the major gap in the cloud in Australia?
Why don’t organizations stop the problem of “undersupplying the
notification” in Australia to individuals whose personal information has
been compromised?
What ways does an organization require to stop malicious
attacks in order to safeguard personal information in the cloud in
Australia?
Why is there a need to stop identity theft, a major problem in the cloud
in Australia?
Why do we need to inform the Police, the OAIC, the Privacy Commissioner and the
affected individuals about a breach of personal information in the cloud
in Australia?
Why does severe punishment need to be provided, apart
from compensation to the affected individuals, which is the major gap that has occurred due to the breach
of personal information in the cloud in Australia?
Why do we require a mandatory law for personal information breaches,
which is a major gap while securing data in the cloud in Australia?
Current state of the problem:
From March 2014, the Commissioner has all the powers to seek a Court order against
a person who has engaged in conduct that has broken the law, and also
civil penalty orders against that person, when an individual’s personal
information has been compromised, affecting his/her privacy.
The different theories that exist in my literature are as follows:
The following are the theories prepared by me for the personal information breach:
My first theory states that the risks associated with a
personal information breach arise when the personal information is
leaked, improperly discarded or gets into the wrong hands, which can
put individuals’ lives under a real risk of serious harm in
Australia.
Nowadays agencies and organizations are storing a large
amount of individuals’ identifying information electronically. Hence
my second theory states that this kind of information needs to be
secured because, if any breach of this personal
information occurs via the cloud, it may be sufficient to
allow an unauthorized person to put the individual’s life into a real
risk of serious harm in Australia.
My third theory states that appropriate security
for personal information must be available in the cloud for
anybody storing or moving sensitive personal information via
the cloud in Australia.
Further, my fourth theory states that there must be an
appropriate notice to the person whose personal
information has been breached, with a warning stating that their personal
information has been compromised, thereby taking the right
action to protect the individual from a real risk of serious harm to
their life in Australia.
Furthermore, my fifth theory states that the law relating to
personal information stored in the cloud still remains underdeveloped
in Australia and needs to be developed properly in order to
protect the lives of individuals from the breach of personal
information in the cloud in Australia.
Also, my sixth theory states that the law needs to be developed so
that severe punishment must be provided under law apart
from compensation to the affected individual, as their life was put
under a real risk of serious harm apart from the effect on the privacy of the
individual in the cloud in Australia.
The incidents related to personal information in the cloud in Australia
that have occurred in an agency or in an organization are as follows:
I have prepared examples of the various incidents that have occurred in
Australia due to the breach of personal information in the cloud.
Telstra Corporation Limited (Telstra)
In Telstra Corporation Limited, a mailing list error occurred which
resulted in 220,000 letters with incorrect addresses being mailed out.
It seemed that this problem occurred because an employee had by
mistake used the wrong data table, and because of this the wrong mailing list
was recorded, which resulted in the breach of
personal information in the cloud in Australia.
From the above incident, I can say that it happened due to human
error, and hence the mail out was stopped immediately to solve the
problem of the personal information breach, thereby safeguarding
the life of the individual in Australia.
Medvet Science Pty Ltd
Medvet Science Pty Ltd breached personal information in the Google
cache, which contained billing and shipping address details apart from
service order details.
Once the report had been prepared by Deloitte, it stated that the
accessibility of the address information was actually a breach of
personal information in the cloud in Australia, which was not permitted,
and hence Medvet had committed a breach of its customer details.
From the above incident, I could say that Medvet did not have a sufficient
level of security in place to protect personal information in the cloud,
thereby leading to a real risk of serious harm to the life of an individual in
Australia.
I also state that a business must make sure that it has appropriate
privacy and security measures to confirm that its systems are secure
enough to safeguard the life of an individual in Australia.
Vodafone Hutchison Australia
Vodafone Hutchison Australia’s personal information was
compromised in the cloud via the internet in Australia. Vodafone’s business
had collected identity information from customers for the complete
100 pt ID verification checks in order to comply with its obligations.
For example, in the case of a passport, the document number and its
expiry date were available to all the authorized users.
From the above incident, I could say that identity theft could pose a real
risk of serious harm to the life of an individual if personal information is
breached, but fortunately in the above case, once Vodafone
became aware of the disclosure of the personal information, it acted
immediately to prevent any unauthorized access to personal
information in the cloud in Australia.
First State Super Trustee Corporation
In the FSS (First State Super Trustee Corporation), an unauthorized person
purposely accessed the secured section of the FSS’s website and
downloaded personal information belonging to 568 FSS members.
It seemed that the members’ personal information was not actually
published for the general public to access and was published only to the
members of the FSS.
It was found that the personal information which was downloaded contained
the members’ names and addresses, details of their superannuation,
account transactions, balances and the age of the members.
From the above incident, I state that the personal information breach
was addressed by the FSS, which implemented security
measures to solve the problem of the breach in order to safeguard the life of
the individual via the internet in the cloud in Australia.
Sony Playstation Network
A media report about the Sony Playstation Network stated that individuals’
names, addresses and other personal data, including credit card
details, had been compromised due to a cyber attack, though it had a
wide range of security in place.
Hence, I could say that the above incident, which occurred due to the
cyber attack, caused a breach of personal information in the cloud in
Australia, which has now been stopped by means of extra
security measures which will surely safeguard the life of the individual in
Australia.
The Professional Services Review Agency
The Professional Services Review Agency (PSR) held the Medicare Benefits
Program (MBP) and the Pharmaceutical Benefits Program (PBP) claims
information within the same database for an indeterminate time and in an
unsecured manner. Because of this problem, the PSR was not complying with
the obligations relating to the way claims information and personal
identifying information must be handled by Australian Government
Agencies when stored in databases.
Finally, in order to solve this problem, the PSR adopted the secure approach of
separating the database into two, with limited retention periods,
to solve the problem of the breach of personal information in the cloud,
thereby safeguarding the life of the individual in Australia.
Hence, I could say that there must be proper security in place to safeguard
personal information in the cloud in Australia.
Dell Australia
In Dell Australia, an employee unintentionally installed malware
and the attacker gained access to the personal information on the database,
which seemed to be a malicious attack.
From the above incident, I could say that appropriate measures were
taken at the right time to solve the personal information breach by
improving the security system measures, thereby solving the problem
of the personal information breach in the cloud and hence safeguarding the
life of the individual in Australia.
The ways that I created to understand more about my research
idea:
I have framed on my own the ways that I use in my literature, which have helped me to
understand more about the research idea that I wish to research. They are as follows:
To start with, I can say that my literature has helped me to understand more about
the new concepts that are related to the personal information breach; it has
raised a lot of questions for me; it has also helped me to know more about the
issues that exist in reality in today’s world due to the breach of personal
information in the cloud in Australia.
Further, my literature has also helped me to understand more about the
research idea that I wish to research regarding my new theories for the
personal information breach via the internet in the cloud in Australia.
My literature has also helped me to frame my objectives on my own in
order to solve the problems or issues that have arisen due to the personal
information breach in the cloud in Australia.
Furthermore, my literature has also helped me to follow the required
methodologies for my research, prepared on my own, thereby solving the
problems or issues that have arisen due to the personal information breach
in Australia.
Finally, my literature has also helped me to reach an appropriate
conclusion about the research idea that I wish to research.
Aims and Objectives:
My aims and objectives are the answers to the above questions, to stop the breach of
personal information in the cloud via the internet in Australia, and are as follows:
To stop the scam emails:
Nowadays scam emails are circulating around the world via the internet in the cloud.
For example, the incident that happened at the Australian Taxation Office (ATO) clearly shows
emails that pretend to come from the ATO but truly do not. They actually link to a bogus ATO
website asking for personal details. From this incident, I can say that the use of this
personal information makes it more likely that individuals’ lives are put under a real
risk of serious harm. Hence I could say that stopping these scam emails by using spam
filters will safeguard individuals from the breach of personal information in
the cloud in Australia.
To stop the collection of the unnecessary information from the individuals in the organization:
Organizations mostly collect information about an individual, including personal
information. Poor management of this kind of personal information can put an
individual at a real risk of serious harm. Hence, according to my objective, I state that an
organization must only collect the information that it needs for its functions in the cloud in
Australia.
To provide proper awareness to the organization or the agency about the risk caused due to
the breach of the personal information:
Usually the organization might not be in a position to fix the serious harm that could be caused
by the breach of personal information. For this problem, I state that my objective is
to provide appropriate awareness to the organization or the agency about the risk that
an individual might face due to the breach of personal information
in the cloud in Australia.
To stop the mail out due to a human error into the wrong hands:
I state that the mail out needs to be stopped, as personal information may get into the
wrong hands due to human error, which could create a real risk of serious harm to the life of
an individual in Australia.
To stop the organization or the agency from undersupplying the notification:
If an organization is facing the problem of a breach of personal information in the cloud
and the security breach is large, then notification might result not only in a negative
impact but also in market damage to the organization, including reputational damage, lost
customers and lost future profits.
Also, the organization will only notify its customers if it is legally required to do so, as the cost of
notifying the individuals will be more than the cost caused by the actual breach.
In the absence of any legal requirement, the organization will usually
undersupply notification to the individual whose personal information has been
compromised, which can put the individual’s life at a real risk of serious harm. Hence I can say
that this needs to be stopped to save the life of an individual in Australia.
To stop the malicious attack which extracts the user’s data:
It has been observed from IT News Australia that the malicious attack on the ATO’s
website adopted the most advanced techniques, linking the ATO’s most
important website to pages of real services with menus in order to extract users’ personal
information in the cloud, which could cause serious harm to the life of the individual. Hence,
according to my observation, I can say that these kinds of attacks need to be stopped soon in
the cloud in Australia.
To report the notification of the exact number of personal information breaches:
In reality many Australian companies are suffering from personal information breaches in
today’s world. The problem here is that the number of reports is dropping, and because of
this there is a greater chance of serious harm that could affect the life of
the individual due to the breach of personal information in the cloud. So, my objective
states that the number of personal information breaches must be reported
accurately in the cloud in Australia.
To improve the security measures to safeguard the personal information in the cloud:
I state that appropriate security measures using the latest
technology need to be taken to safeguard personal information in the cloud, thereby safeguarding the
life of the individual in the cloud in Australia.
To inform the Police to safeguard the individual’s life:
According to my next objective, I state that, following a breach of personal information
in the cloud, once the person who was blackmailing the individual is found by the police, the
police can take the necessary action to save the individual’s life without any problem in
Australia.
To inform the Privacy Commissioner, OAIC and the affected individuals:
In general, my objective states that the affected individuals, the Privacy Commissioner and the
OAIC need to be notified of a breach of personal information in the cloud in Australia to
save the individual’s life from the real risk of serious harm.
To introduce the mandatory personal information breach law:
Apart from all the objectives that I have mentioned in the above points, I could say
that my main objective is to introduce a mandatory law for personal information breaches
where the life of any individual is put under a real risk of serious harm in Australia, apart
from the effect on the individual’s privacy, as it is not a cool issue.
To provide severe punishment and also to compensate the affected individuals due to the
personal information breach:
Finally, I conclude my aims and objectives by saying that the
mandatory law for personal information breaches in the cloud in Australia must provide
severe punishment and also compensate the affected individuals, as their lives were put under
a real risk of serious harm apart from the effect on the privacy of the individual.
Research Methodology and Approach:
My research methodologies and approaches cover the following factors:
Checking whether all the computers are updated with the latest version of the antivirus so that
intruders using malware cannot access personal information in the cloud via the
internet in Australia.
What personal information does an agency or an organization require from an
individual in Australia?
How sensitive is the personal information that is involved in the breach?
Can this personal information be misused by anyone, thereby leading to a
real risk of serious harm to the life of any individual in Australia?
How many people are affected by this personal information breach in Australia?
What actions are taken by the agency or the organization to minimize the harm to
individuals arising from the breach, such as notifying them or re-securing their personal
information in Australia?
Is the agency or the organization regularly reviewing its information security
measures in order to avoid personal information breaches in Australia?
Checking whether a proper compliance and monitoring plan is being followed by the
organization in order to avoid personal information breaches in Australia.
Checking whether a police investigation is done in the matter of the personal information
breach in the cloud in Australia.
Checking whether the organization or the agency has notified the OAIC of the personal
information breach in Australia.
Checking whether the Commissioner has made any determination providing for severe punishment
and also requiring the payment of compensation for the life of the individual, as it was put
under a real risk of serious harm in Australia.
Finally, checking whether the above determination can be enforced by the Federal Court or the
Federal Magistrates Court in Australia.
My methodologies and approaches of research will follow all the above procedures in order to
safeguard the life of the individual following the breach of personal information in the cloud
in Australia, and must also provide severe punishment under law apart from compensation
to them, as their lives were put under a real risk of serious harm apart from the effect on the
privacy of the individual in Australia.
Research Timeline:
I require 3 to 4 years in part time enrolled in full time for pursuing PhD for the above project
in Queensland University of Technology in Australia.
Conclusion:
Hence, my research says that a
mandatory law for personal information breaches in the cloud must compulsorily be introduced, as a breach of personal
information not only affects the privacy of an individual but can also allow any unauthorized
person to blackmail (or) impersonate the individual, which can lead to a real risk of serious
harm to their life apart from the monetary loss that they have faced. The person who was the
reason for this also needs to be severely punished under law through the court, apart from the
compensation, once that person has been found by the police in Australia.