
Privacy laws: Act now or else

Brian Karlovsky | Nov. 6, 2013
The changes are the biggest in the field of privacy in 25 years and channel players in Australia need to act now to protect themselves

Despite the fanfare, one in three Australian businesses is still unaware of the incoming reforms, according to a recent report from cyber-security firm Clearswift.

Encryption option
Its A/NZ Regional Director, Michael Toms, said encryption, which was already strong in Europe due to stricter privacy laws, could come to the fore to avoid data leakage.

"Your typical encryption of email transmission is quite key to ensuring you're not getting eavesdropped," he said.

"But if you're an organisation which receives unsolicited information that could be deemed to be sensitive it's your responsibility to deal with that, determine whether it's information that you should be collecting in your normal business process, but if it isn't you have to destroy it really quickly."

He also warned that if you were collecting data that was not for your primary purpose of business, you could be at risk, and recommended increasing the business' scope in a clearly set-out policy.

"The small resellers don't have the bandwidth for those sorts of policies to be maintained and policed, and if you have got a business process that has been functioning in a certain way for a long time these people are potentially releasing information not knowing that their current business process is broken.

"But you have got a certain amount of leverage as long as you are documenting certain procedures."

The Missing Link security manager, Aaron Bailey, said client take-up was still slow in terms of preparation for the changes.

He said providing education and partnering consultants who could conduct Privacy Impact Assessments (PIA) was a good starting point.

"These can be conducted either holistically to the client's complete ICT environment as an overview, or during a project lifecycle that implements or updates a system that may handle, hold, access or correct personal information," he said.

"The channel needs to provide clients with consulting around incident response, data breaches, risk assessment and preventative measures."

 
