sb-au logo
Story image

Breach prevention better than cure for NDB regulations, says Aleron

14 Feb 2018

Australia’s Privacy Amendment (Notifiable Data Breaches) comes into effect next week (February 22). It will require all organisations with a turnover of more than $3 million to notify the Australian Information Commissioner in the event of a data breach that: compromised personal information and is likely to cause harm.

However, failing to comply with those regulations could result in hefty fines and loss in customer trust, according to cybersecurity firm Aleron.

All businesses subject to the Privacy Act need to comply with the new scheme,” says Aleron security consultant Jason Akkari.

“This includes government organisations as well as businesses and not-for-profits with an annual turnover of more than $3 million. If these businesses can demonstrate to customers that they are working hard to protect their privacy, then customers are more likely to remain loyal and it will be easier to attract new customers.”

Not all data breaches are eligible, according to the Australian Government.

“For example, if an entity acts quickly to remediate a data breach, and as a result of this action the data breach is not likely to result in serious harm, there is no requirement to notify any individuals or the Commissioner. There are also exceptions to notifying in certain circumstances.”

An eligible data breach occurs when:

1. There is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an entity holds, 2. This is likely to result in serious harm to one or more individuals, and 3. The entity has not been able to prevent the likely risk of serious harm with remedial action.

He says that while some organisations might have all the right measures in place, there may still be weak spots in their security that make breaches more likely.

“Prevention is definitely better than cure in this case, so it’s important for organisations to focus their efforts on making sure they minimise the risk of a data breach.” 

1. Confirm whether the business is subject to the scheme.  2.  Know what types of information the business’s systems hold. 3.  Put security controls in place to appropriately protect data based on its confidentiality or sensitivity.  4.  Put measures in place to detect potential breaches.  5.  Develop a response plan to effectively react if a data breach is suspected. 

Aleron has developed its own privacy audit for organisations that need to prepare for the new regulations. The audit analyses all systems that collect and store personally identifiable information to measure their alignment with the 13 Australian Privacy Principles.

Story image
Trend Micro reveals misconfigurations are No. 1 cause of cloud security issues
The company says it identifies 230 million misconfigurations on average each day – proof, it says, that this risk is prevalent and widespread.More
Story image
Glenn Maiden to lead FortiGuard Labs A/NZ as director of threat intelligence
Maiden will focus specifically on threat intelligence sharing for organisations across A/NZ, so that those organisations may protect their businesses from existing and emerging cyber threats.More
Story image
Interview: Ping Identity exec on why security system updates are critical during COVID-19
Techday spoke with Ping Identity country manager for A/NZ and Japan, Ashley Diffey, on how zero-trust is favourable over perimeter-based security, and what the changes in work mean for businesses in a post-COVID-19 world.More
Story image
Bitdefender reveals new botnet which 'puts others to shame'
The botnet, which Bitdefender has dubbed ‘dark_nexus’ based on a string it puts in its banner, boasts new features and capabilities that ‘put to shame’ most other IoT botnets and malware that the cybersecurity has seen.More
Story image
DDLS offers all courses remotely during COVID-19 lockdowns
“With Virtual Instructor-led Training, DDLS can provide training in the skills organisations require immediately, in order to maintain business momentum in these very troubled and demanding times.”More
Link image
Take advantage of free multi-factor authentication as you work remotely
Cybersecurity is shaping up to be one of the most important areas to consider while working from home. Leverage biometrics and password authentication for free with RSA.More