Australia's largest stock trading and investment forum Australia's #1 stock forum

SP1

Click for more information

0.00%

$1.07 southern cross payments ltd

I commend you for the intelligence shown in your post. my...

First 164 Last

Share
Profile

Follow
hopper

2,068 Posts.

54

19/08/20

21:58

Post #: 46670754
Share

Originally posted by aes411: ↑

Well from ISX's perspective, it is likely a breach and I'll explain why to you.

The test is: who is the data controller i.e. who is responsible for the protection of the data?

Going by ISX's judgment, ISX is the data controller as per the GDPR. I don't know the specifics of the data and I'm not a GDPR expert but at least I know the data cannot be shared by Visa EU just because Visa EU has access to it.

A valid question would be why wasn't this data requested from ISX by ASIC? Afterall ISX owns this data and would cooperate with ASIC. ASIC obviously has the power to request the data from ISX, so how this data was moved around indicates to me the data was likely not requested from ISX. ISX has very serious concerns with ASX's ability to protect data and will not release this data to the ASX since part of the regulation highlights the need to only share data when assured the data will be protected. But ASIC? ISX would have.

ISX only has a contractual relationship with Visa EU, so from ISX's point of view, Visa EU and Visa AU are separate entities. Plain and simple. I don't believe the argument some seem to be putting on that as it's all Visa, it's all good is correct. If that were the case, Visa AU should have access to the data and there shouldn't have been a need to 'manually' aka sneakily IMO transfer the data in the first place.

In a different sense, ISX and Visa EU could qualify as joint controllers. But even then it's a joint responsibility in protecting and taking decisions on the disclosure of the data, not just Visa EU's. In the worst-case, Visa EU should have informed ISX of the request and should have discussed the next action jointly with ISX before the actual transfer. In the best case, it should not have handed out the data and simply indicated to ASIC the data is owned by ISX, and request ASIC to source the data from ISX.

So, you see, Visa EU can't merely adviseISX it has manually transferred the data from Visa Europe to Visa Australia as you stated and your group here hopes that's the end of the story. It's more serious than that.

In any case, there would be all sorts of legal arguments coming up as there are usually overlaps or conflicts in these regulations (payday for the lawyers) so it's a bit too early for definite conclusions.

What I care about at this point is that sneaky actions being taken behind the scenes are being exposed, and hopefully, there will be some publicity that exposes the ASX's double standard. I'm fairly certain ASX knew this wasn't straightforward (I recollect someone posted the ASX lawyer said something to that effect in court).

ISX being suspended by Visa is of such importance that it should have been disclosed but sharing of their customers' data without their consent isn't important? Jeez

Expand

I commend you for the intelligence shown in your post.
my hypothesis is that (i have not looked at the flowchart posted yet) ASX requested for the information either from VISA EU or VISA AU without going through ISX since ASX knows ISX would not consent to it. If ASX did not have the authority as it was not part of MOU, requested ASIC to for it under section XX (what chilling out posted).

As VISA Au did not have the information the request went to VISA Eu after identifying which VISA country has the information.

My deduction is that the data breach originated from VISA EU. Protocol would require the entity that breach the data has to investigate when where and how the breach occur and a certain amount of time say 3 to 4 weeks. The breach had to be reported to the entity concern asap to allow the entity to control the damage. I believe the breach occurred 3 or 4 weeks ago.

i also believe the breach occurred at VISA EU because whoever breached it is the one responsible for reporting to the entity concerned.

this led me to wonder why VISA EU sent the data to Visa Au? There may be another breach occurring at ASX end with partial disclosure to a third party. Is Clayton Uz third party? Not likely.

Why transmit manually from overseas? Highly like in paper form and through post. I guess digital transmission of private data is not safe unless the entity requesting it will take responsibility for any breach if transmitted digitally.

ISX Price at posting: $1.07 Sentiment: Buy Disclosure: Held
4 Upvote

0 Great analysis

Reply

Top Stories

EMD

Emyria's Empax Centre chosen for mental health clinical trial

With financials holding the fort, materials must step up with some heavy lifting to stimulate stocks

BRX

Belararox delineates another porphyry in Argentina at Tambo South

ASX Market Update: Shares fall flat as GYG soars on debut | 20 June, 2024

AML

Cultural heritage agreement puts Walford Creek exploration back on the map

SBW

Shekel Brainweigh CEO Nir Leshem weighs in on AI adoption ahead of FY25

RDN

If you thought lithium was dead, think again. The Pilbara will be central to the next upswing

STX

Strike Energy secures $153 million for Perth Basin gas projects

FHE

Frontier Energy achieves key milestone for Waroona energy project

Plagues precede widespread power shifts. We’re living in one – and minerals are at the fore

There are more pages in this discussion • 44 more messages in this thread...

First 164 Last

Add SP1 (ASX) to my watchlist

SPONSORED BY