Mandatory Breach Reporting. What’s Changed and How You’ll Know You’re Ready.

April 6 2018, by Stuart Buxton | Category: Cloud Services

Data matters. Where it lives. How it’s managed. And how it’s secured. Yet last year, over 31% of Australian organisations were breached¹. So how will you know when you’re ready? New Mandatory Breach Reporting obligations now apply to organisations with personal information security obligations under the Privacy Act. In the event of an eligible data breach, the Australian Information Commissioner must be notified, along with each and every individual exposed to serious harm. Corrective steps must follow.

This is more than a legal risk. Studies suggest the true reputational costs of data breaches already exceed $4.6M AUD per case. Data breaches can never again be considered an ‘IT issue’. They’re a legal issue. A board issue. A brand issue. A customer issue. A trust issue. And more.

Nowhere is this more important than in the Cloud Services space, which, while it can be transformative, is by its very nature distributed and potentially vulnerable. The new legislation encompasses both public and private organisations in credit, finance and health, but it can also span TFN recipients and even not-for-profits above a qualifying level of turnover. If your Cloud Services provider issues such a notice, your data, or your customers’ data, may be on the hook as well.

It’s OK. There are assets out there that help to show you exactly where the goalposts are now. And how to get exactly where you want to be.

  • The Office of the Australian Information Commissioner has issued a guide to securing personal information that makes an excellent starting point.
  • Net Promoter Scores are a valuable guide, as they show the experience customers have with their providers, how willing they are to recommend them, and the level of trust in their solutions.
  • Compliance and Certifications frameworks can also help you differentiate between providers. Standards vary by industry, but key benchmarks include ISO 27001 (Data Security), PCI (Individually Identifiable Data) or ISM (Government).
  • Implement a defence-in-depth approach with your preferred partner or partners. Because part of a solution is no solution at all. Complete protection must encompass:
    1. Physical security
    2. Tiered Security Requirements
    3. Anti-Virus
    4. Intrusion Identification & Prevention
    5. Virtual and Appliance-based Firewalling
    6. Micro-segmentation
    7. Secure connectivity
    8. Secure Backup and Recovery
    9. Secure Policies & Processes
    10. Secure Access, Monitoring & Logging
Macquarie Cloud Services are uniquely placed to meet your requirements.

We are Australia’s most-recommended provider, and the leader in Government cloud services. We operate our own sovereign Australian Data Centres, backed 24/7 by over 100 NV1-certified Australian engineers, are a leading business-facing Telco, and sit on the Australian Cyber Security Council along with the AFP, the Attorney-General and ASD. Make our team yours today, with an obligation-free vulnerability assessment. Because mandatory breach reporting legislation changes everything.
¹ Malwarebytes Survey, August 2017