Story image

Breach prevention better than cure for NDB regulations, says Aleron

14 Feb 2018

Australia’s Privacy Amendment (Notifiable Data Breaches) comes into effect next week (February 22). It will require all organisations with a turnover of more than $3 million to notify the Australian Information Commissioner in the event of a data breach that: compromised personal information and is likely to cause harm.

However, failing to comply with those regulations could result in hefty fines and loss in customer trust, according to cybersecurity firm Aleron.

All businesses subject to the Privacy Act need to comply with the new scheme,” says Aleron security consultant Jason Akkari.

“This includes government organisations as well as businesses and not-for-profits with an annual turnover of more than $3 million. If these businesses can demonstrate to customers that they are working hard to protect their privacy, then customers are more likely to remain loyal and it will be easier to attract new customers.”

Not all data breaches are eligible, according to the Australian Government.

“For example, if an entity acts quickly to remediate a data breach, and as a result of this action the data breach is not likely to result in serious harm, there is no requirement to notify any individuals or the Commissioner. There are also exceptions to notifying in certain circumstances.”

An eligible data breach occurs when:

1. There is unauthorised access to or unauthorised disclosure of personal information, or a loss of personal information, that an entity holds, 2. This is likely to result in serious harm to one or more individuals, and 3. The entity has not been able to prevent the likely risk of serious harm with remedial action.

He says that while some organisations might have all the right measures in place, there may still be weak spots in their security that make breaches more likely.

“Prevention is definitely better than cure in this case, so it’s important for organisations to focus their efforts on making sure they minimise the risk of a data breach.” 

1. Confirm whether the business is subject to the scheme.  2.  Know what types of information the business’s systems hold. 3.  Put security controls in place to appropriately protect data based on its confidentiality or sensitivity.  4.  Put measures in place to detect potential breaches.  5.  Develop a response plan to effectively react if a data breach is suspected. 

Aleron has developed its own privacy audit for organisations that need to prepare for the new regulations. The audit analyses all systems that collect and store personally identifiable information to measure their alignment with the 13 Australian Privacy Principles.

Slack users urged to update to prevent security vulnerability
Businesses that use popular messaging platform Slack are being urged to update their Slack for Windows to version 3.4.0 immediately.
Secureworks Magic Quadrant Leader for Security Services
This is the 11th time Secureworks has been positioned as a Leader in the Gartner Magic Quadrant for Managed Security Services, Worldwide.
Deakin Uni scores double win with Exabeam partnership
Australia’s Deakin University is partnering with SIEM security company Exabeam in an effort to boost the university’s cybersecurity degree program and strengthen its SIEM capabilities.
Google puts Huawei on the Android naughty list
Google has apparently suspended Huawei’s licence to use the full Android platform, according to media reports.
Voter vulnerabilities: Cybersecurity risks impact national elections
The outcome of elections have an enormous impact on the political and cultural landscape of any democratic society. 
Using data science to improve threat prevention
With a large amount of good quality data and strong algorithms, companies can develop highly effective protective measures.
General staff don’t get tech jargon - expert says time to ditch it
There's a serious gap between IT pros and general staff, and this expert says it's on the people in IT to bridge it.
ZombieLoad: Another batch of flaws affect Intel chips
“This flaw can be weaponised in highly targeted attacks that would normally require system-wide privileges or a complete subversion of the operating system."