Who cares about the Notifiable Data Breaches amendment?

Tom Allan
Director, Basis Networks
There are a lot of articles and posts out there discussing the Notifiable Data Breaches (NDB) amendment to the Privacy Act 1988, which comes into effect on 22nd February.

If you are not sure what this is, it can be summarised as:

"If your company is subject to the Privacy Act and you have an eligible data breach, then you must notify the Office of the Australian Information Commissioner (OAIC), and any potentially affected individuals, or face a fine of up to $1.8m."

Full details of the amendment are available here.

But the legislation is only part of the story.

A growing level of attention from the media to data privacy and particularly any major breach, an increasing reliance on collecting and manipulating useful data to remain competitive in the digital age, and the barrage of news telling us that rapidly evolving cyber-attacks are not just likely, but inevitably going to hit your business, are changing the way we look at cyber security. 

The Challenge

Cyber threat prevention, detection, and response is critical to protecting organisations' digital assets, including personal data. This hasn't changed. But the rapid adoption of multi-cloud enterprise networks, distribution of applications across environments, hyper-connectivity of workforces, and the proliferation of Internet-connected things have broken the traditional approach to securing our businesses. As a result, operations, compliance, and the identification of breaches are much more challenging and complex than they used to be.

But it doesn’t have to be. 

Enhanced Security. Simplified Operations.

We need to view security from a strategic perspective and avoid the temptation to bolt another tool or security product onto increasingly hard to manage and disparate systems in the hope that it will help us to stay ahead of cyber threats.

Enhanced Security

Through the development and implementation of a holistic and intelligent security architecture we can now provide exceptional levels of cyber security relevant to the criticality of an organisation's data, while also enabling businesses to benefit from digital transformation activities.

A consistent architecture considers the multitude of ways in which data traverses the enterprise, across on-premise and cloud environments, from physical or virtual hosts, and it provides a comprehensive means of enforcing granular levels of control regardless of where that data sits or who is consuming it. Importantly, it also provides a method to gain visibility into your network, the operation of security controls, and threat management.

Simplified Operations 

The challenge of implementing an effective cyber security framework for a modern-day business can seem complex and daunting. But when we simplify the security architecture to provide consistent visibility and control across the enterprise, we also reduce the overhead of ongoing management by centralising and streamlining day-to-day processes. This allows us to look at intelligent ways to automate security operations activities, including change management, policy assessment, vulnerability scanning, compliance reporting, risk analysis, log collection, threat detection, event response, and more.

Back to the Notifiable Data Breaches Amendment 

To comply with the Notifiable Data Breaches amendment, you will need to be able to detect and report on any notifiable data breach after it has happened.

But, do you know if you currently store personal information, and if so, where it is stored, and how it is transmitted throughout your business?

If a breach occurred, would you know? 

And, more importantly, how do you stop breaches from happening in the first place?

While the amendment is an important consideration, we recommend your business undertakes a review and remediation of cyber security that aligns with your business goals and is not just aimed at meeting your minimum obligations. Security should be an enabler to your business, allowing you to deliver valuable digital services to your customers, confidently, and quickly. And this can only be done through the consistent application of a modern security framework that is tailored to your needs.

Recommended Approach 

  1. Determine how you collect and store personal data that is impacted by the Notifiable Data Breaches amendment.
  2. Review the criticality of your data, and how it is used within your organisation, so that security can be applied appropriately to the relevant areas.
  3. Understand your current cyber security posture. Perform an assessment to discover how secure you are in relation to your data.
  4. Assess your organisational capability to maintain a high degree of cyber security prevention, detection, and response.
  5. Uplift your security architecture to match your business objectives and compliance obligations and reduce your operational overhead.
  6. Investigate what security activities can be automated, in particular look into your ability to automate the detection of any breach.
  7. If you have a managed security service, ensure it complies with the provisions of the amendment, and review roles and responsibilities regarding how to deal with a breach should it occur.

Basis Networks

Basis Networks are industry leaders in the delivery of intelligent connectivity, cyber security, and network intelligence solutions for Australia’s businesses.

Our highly effective approach to helping our customers deliver on their digital business initiatives has resulted in Basis Networks being recognised by CRN as the fourth fastest growing IT company in Australia, and as the 24th fastest growing company in Australia by the Australian Financial Review, for the 2017 financial year.

For a no obligation, initial consultation, contact us at sales@basisnetworks.com.au