ICT Security - Australian Government Legislation - 2019 Update | Office Technology | North Mackay | NQBE Integrated IT

ICT Security - Australian Government Legislation

November 13, 2014

How does the new privacy legislation affect you?

Guide to information security

 

The new privacy laws coming into effect mean that you now have to ensure you have taken all reasonable steps to protect not only your own data, but also your customers' data. If you retain any information about your customers on your network, computers, servers, mobile devices or similar, this law will affect how you do business.

Cyber-criminal activity is now reported to be larger than the illicit drug trade. It has shifted from attacks on large corporations and governments, or from 'kids' having fun, to coordinated and targeted attacks on businesses of all sizes by organised criminal gangs.

Edited: 01-02-19

A Guide to Information Security

 

Privacy and your business

The Privacy Act requires NQBE Integrated I.T to take reasonable steps to protect your personal information (which includes sensitive information). But it is not just about compliance for us; we also risk:

• Loss of reputation and the valued trust of our customers

• Causing harm to you and your business

• A reduction in business function and activity

 

Privacy by Design

All of our processes, systems, products and initiatives have been built with privacy in mind, beginning at the design stage.

 

What are reasonable steps?

Reasonable steps will always depend on the circumstances, including the following:

 

• Nature of entity holding the personal information

• Nature and quantity of personal information held

• Risk to individuals if personal information is not secured

• Data handling practices of entity holding the information

• Ease of implementation of security measure

 

Steps and strategies that may be reasonable to take include:

 

Governance

• Robust information asset management

• Dedicated individual or body responsible for managing personal information

• Governance arrangements to:

- implement and maintain information security plans and measures

- promote awareness and compliance

 

ICT security

• Whitelist and/or blacklist entities, content or applications

• Up-to-date, patched software

• User authentication

• Policies to prevent inappropriate or unauthorised access

• Point of access logs and audit trails

• Encryption

• Network security measures

• Testing ICT systems and processes

• Backups

• Communications security measures

 

Data breach

• Develop data breach response plan

• Train staff about how to respond to data breaches

• If you are facing a data breach use the OAIC’s Data breach notification guide www.oaic.gov.au

 

Physical security

• Security and alarm systems

• Access logs

• Workplace design

• Secure work and storage spaces

• Clean desk policy

• Storage and movement of files audited and monitored

 

Personnel security and training

• Appropriate security clearances

• Staff training (including contractors and service providers)

• Employee exit procedures

 

Workplace policies

• Policies documenting security matters, such as physical and ICT security

• Conflict of interest policy addressing the handling of personal information of a person known to a staff member

• Policies addressing use of portable/mobile devices, and staff's own devices

• PSD, BYOD and offsite work policies

 

Information life cycle

• PIAs (privacy impact assessments) and information security risk assessments conducted for new or changed acts or practices

• Collection practices periodically reviewed

• Personal information protected:

- during system upgrades

- when passed to/handled by a third party

• Policies for data retention and destruction

• Outsourcing contracts address handling of personal information

 

Standards

• Relevant international, Australian and industry/sector standards on information security

• Compliance with standards tested internally or by third party

Monitoring and review

• Operation and effectiveness of information security measures monitored and reviewed regularly

• Changes implemented as a result of monitoring and review
