Story image

Breach prevention better than cure for NDB regulations, says Aleron

14 Feb 2018

Australia’s Privacy Amendment (Notifiable Data Breaches) comes into effect next week (February 22). It will require all organisations with a turnover of more than $3 million to notify the Australian Information Commissioner in the event of a data breach that: compromised personal information and is likely to cause harm.

However, failing to comply with those regulations could result in hefty fines and loss in customer trust, according to cybersecurity firm Aleron.

All businesses subject to the Privacy Act need to comply with the new scheme,” says Aleron security consultant Jason Akkari.

“This includes government organisations as well as businesses and not-for-profits with an annual turnover of more than $3 million. If these businesses can demonstrate to customers that they are working hard to protect their privacy, then customers are more likely to remain loyal and it will be easier to attract new customers.”

Not all data breaches are eligible, according to the Australian Government.

“For example, if an entity acts quickly to remediate a data breach, and as a result of this action the data breach is not likely to result in serious harm, there is no requirement to notify any individuals or the Commissioner. There are also exceptions to notifying in certain circumstances.”

An eligible data breach occurs when:

1. There is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an entity holds,
2. This is likely to result in serious harm to one or more individuals, and
3. The entity has not been able to prevent the likely risk of serious harm with remedial action.

He says that while some organisations might have all the right measures in place, there may still be weak spots in their security that make breaches more likely.

“Prevention is definitely better than cure in this case, so it’s important for organisations to focus their efforts on making sure they minimise the risk of a data breach.” 

1. Confirm whether the business is subject to the scheme. 
2.  Know what types of information the business’s systems hold.
3.  Put security controls in place to appropriately protect data based on its confidentiality or sensitivity. 
4.  Put measures in place to detect potential breaches. 
5.  Develop a response plan to effectively react if a data breach is suspected. 

Aleron has developed its own privacy audit for organisations that need to prepare for the new regulations. The audit analyses all systems that collect and store personally identifiable information to measure their alignment with the 13 Australian Privacy Principles.

Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.
How blockchain could help stop video piracy in its tracks
An Australian video tech firm has successfully tested a blockchain trial that could end up being a welcome relief for video creators and the fight against video piracy.
IBM X-Force Red & Qualys introduce automated patching
IBM X-Force Red and Qualys are declaring a war on unpatched systems, and they believe automation is the answer.
Micro Focus acquires Interset to improve predictive analytics
Interset utilises user and entity behavioural analytics (UEBA) and machine learning to give security professionals what they need to execute threat detection analysis.
Raising the stakes: McAfee’s predictions for cybersecurity
Security teams and solutions will have to contend with synergistic threats, increasingly backed by artificial intelligence to avoid detection.
Exclusive: Ping Identity on security risk mitigation
“Effective security controls are measured and defined by the direct mitigation of inherent and residual risk.”
CylancePROTECT now available on AWS Marketplace
Customers now have access to CylancePROTECT for AI-driven protection across all Windows, Mac, and Linux (including Amazon Linux) instances.