SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Breach Prevention
#
Cybersecurity
#
Aleron
Breach prevention better than cure for NDB regulations, says Aleron
Wed, 14th Feb 2018
FYI, this story is more than a year old
Author image
By Sara Barker, Copywriter and Senior News Editor
Follow us

Australia's Privacy Amendment (Notifiable Data Breaches) comes into effect next week (February 22). It will require all organisations with a turnover of more than $3 million to notify the Australian Information Commissioner in the event of a data breach that: compromised personal information and is likely to cause harm.

However, failing to comply with those regulations could result in hefty fines and loss in customer trust, according to cybersecurity firm Aleron.

All businesses subject to the Privacy Act need to comply with the new scheme,” says Aleron security consultant Jason Akkari.

“This includes government organisations as well as businesses and not-for-profits with an annual turnover of more than $3 million. If these businesses can demonstrate to customers that they are working hard to protect their privacy, then customers are more likely to remain loyal and it will be easier to attract new customers.

Not all data breaches are eligible, according to the Australian Government.

“For example, if an entity acts quickly to remediate a data breach, and as a result of this action the data breach is not likely to result in serious harm, there is no requirement to notify any individuals or the Commissioner. There are also exceptions to notifying in certain circumstances.

An eligible data breach occurs when:

1. There is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an entity holds, 2. This is likely to result in serious harm to one or more individuals, and 3. The entity has not been able to prevent the likely risk of serious harm with remedial action.

He says that while some organisations might have all the right measures in place, there may still be weak spots in their security that make breaches more likely.

“Prevention is definitely better than cure in this case, so it's important for organisations to focus their efforts on making sure they minimise the risk of a data breach.”

1. Confirm whether the business is subject to the scheme.  2.  Know what types of information the business's systems hold. 3.  Put security controls in place to appropriately protect data based on its confidentiality or sensitivity.  4.  Put measures in place to detect potential breaches.  5.  Develop a response plan to effectively react if a data breach is suspected.

Aleron has developed its own privacy audit for organisations that need to prepare for the new regulations. The audit analyses all systems that collect and store personally identifiable information to measure their alignment with the 13 Australian Privacy Principles.

Related stories
Illumio unveils AI enhancements for faster Zero Trust Segmentation adoption
RiverSafe teams up with Cribl to boost IT & data security services
Half of online traffic in 2024 generated by bots, report finds
Axis unveils hybrid cloud platform for adaptable security solutions
Keeper Security launches user-friendly passphrase generator
Top stories
Fortinet recognised as Challenger in Gartner's 2024 Magic Quadrant for SSE
Coalition integrates cyber risk platform with top cloud services providers
Secolve & Asimily join forces to boost Australia's IoT security
Armis warns of major cyber-attack risk to 2024 global elections
i-PRO to support Genetec SaaS with new AI-enabled camera models