BUSINESS owners and leaders will have to count extra cyber security and data breach contingency plans as part and parcel of everyday business from now on, with the recent passing of the Federal Government’s Privacy Amendment (Notifiable Data Breaches) Bill 2016.
The Bill further enshrines Australian Privacy Principle 11, which requires all Australian entities to take reasonable steps to secure personal information they hold.
According to the ACS, the professional association for Australia’s ICT sector, the legislation will produce a heightened focus within the public and private sectors on all aspects of cybersecurity.
The ACS said that, for ICT professionals, the Bill gives overdue recognition to the importance of data in the digital economy and to the potential for serious harm where a data breach occurs through accident, malfeasance or cyber attack.
“As we transition to a digital economy, now more than ever the focus must be on ensuring Australia captures the opportunities of the information age, while protecting the rights of the individual,” ACS president Anthony Wong said. “This legislation will be a critical step forward in the elevation of data protection and cybersecurity issues on the C-suite agenda.
“In an era of Big Data, the protection and privacy of personal information must be a primary consideration in the planning and construction of large-scale ICT systems, not an afterthought.
“Given the growing problem of cyber crime, the ACS strongly supports initiatives which demand both the public and private sectors act to prevent cyber threats and address their consequences.
“Over and above the specific legal mechanisms of the new Act, the ACS believes it will give issues concerning data protection and cybersecurity a new level of transparency, lifting overall awareness of cyber safety, how to mitigate risk and ultimately providing better protection for individual citizens. While nothing is ever 100 per cent secure, the Act promises to give Australians who provide personal information to government and business greater confidence,” Mr Wong said.
“To deliver on the promise of this new legislation it is critical to recognise that cybersecurity is a collective responsibility, relevant at all levels of an organisation.
“The ACS looks forward to working with government and industry on best practice approaches to ICT security systems and protocols and the education and training of ICT professionals to meet both the spirit and the letter of the new legislative requirements.”
Mr Wong said the ACS had for many years been a vocal advocate of regulation mandating data breach notification and strongly endorsed the guiding purpose of the Bill, “to allow individuals to take steps to protect themselves from a likely risk of serious harm resulting from a data breach”.