ICT Security - Australian Government Legislation

How does the new privacy legislation affect you?

Guide to information security

The new privacy laws coming into effect mean that you now have to ensure that you have taken all reasonable steps to protect not only your own data but also your customers' data. If you retain any information on your customers on your network, computers, servers, mobile devices or similar, then this law will have an impact on how you do business. Cyber-criminal activity is now reported to be larger than the illicit drug trade. The activity has shifted from attacks on large corporations and governments, or from 'kids' having fun, to coordinated and targeted attacks on businesses of all sizes by organised criminal gangs.

Edited: 01-02-19

A Guide to Information Security

Privacy and your business

The Privacy Act requires NQBE Integrated I.T to take reasonable steps to protect your personal information (which includes sensitive information). But it's not just about compliance for us; we also risk:

• Loss of reputation and the valued trust of our customers

• Causing harm to you and your business

• A reduction in business function and activity

Privacy by Design

All of our processes, systems, products and initiatives have been built with privacy in mind, beginning at the design stage.

What are reasonable steps?

Reasonable steps will always depend on the circumstances, including the following:

• The nature of the entity holding the personal information

• The nature and quantity of personal information held

• The risk to individuals if the personal information is not secured

• The data handling practices of the entity holding the information

• The ease of implementing the security measure

Steps and strategies that may be reasonable to take include:

Governance

• Robust information asset management

• Dedicated individual or body responsible for managing personal information

• Governance arrangements to:

- implement and maintain information security plans and measures

- promote awareness and compliance

ICT security

• Whitelist and/or blacklist entities, content or applications

• Up-to-date software security

• User authentication

• Policies to prevent inappropriate or unauthorised access

• Point of access logs and audit trails

• Encryption

• Network security measures

• Testing ICT systems and processes

• Backups

• Communications security measures

Data breach

• Develop data breach response plan

• Train staff about how to respond to data breaches

• If you are facing a data breach, use the OAIC's Data breach notification guide at www.oaic.gov.au

Physical security