Cyber resilience - When private information gets splashed around the Internet

There have been some very high-profile data breaches that have made local and worldwide headlines. They involve information that should be private and confidential getting out into the public domain. Some are the result of very sophisticated hacks, but more often they have been as simple as employees copying large volumes of information and publishing it on the internet. Very often, breaches are caused by extremely slack password processes and security, or simply by unawareness of the danger.

The Australian Government has established a Notifiable Data Breach (NDB) scheme to ensure that affected individuals are notified about serious data breaches. The scheme will apply to all businesses, government agencies and other organisations, including not-for-profits, covered by the Australian Privacy Act 1988 (Privacy Act) and will commence on 22 February 2018.

NDB definition

An NDB is a data breach that is likely to cause serious harm to the individuals to whom the information relates.

A data breach occurs when personal information:
- stored on a device is lost or stolen
- is held in a database that has been hacked
- is mistakenly given to the wrong person.

The NDB scheme requires an entity to notify the Privacy Commissioner and any individual whose personal information was compromised in the event of an NDB.

Implementing reasonable steps

Organisations need to consider implementing policies, processes and procedures to adequately protect personal information. These include, but are not limited to:
- Governance, culture and training
- Internal practices, procedures and systems
- ICT security
- Access security
- Third party providers (including cloud computing)
- Data breaches
- Physical security
- Destruction and de-identification
- Standards

Where to start

In summary, this reform requires significant transformation of governance and risk management, practices, policies and procedures, ICT architectures, workforce culture, and operations.

At present, we observe that only a handful of organisations are well placed to respond to current privacy and information security risks, thanks to effective governance and risk management. Many organisations are still coming to terms with emerging information security risks and their implications for wider operational, compliance and reporting requirements.

If you are feeling overwhelmed by these issues, don’t be! Our team of experts would be very pleased to meet with you to discuss how we can journey with you in this process.

Paul Tan
