Australian businesses given data breach crisis management advice
Over 180 business leaders representing some of Australia’s largest organizations met on April 30th to discuss how to prevent a data breach, and how to respond to one, if or when it occurs.
Australian Privacy Commissioner Timothy Pilgrim said that there is evidence to suggest that data breaches are on the rise:
“The Office of the Australian Information Commissioner (OAIC) was notified of 56 data breaches in the last financial year, equivalent to a data breach a week. This is up from 44 in the previous year, an increase of 27 percent,” Mr Pilgrim said.
However, the Privacy Commissioner also noted that he opened a further 59 investigations into other breaches where he wasn’t notified of the incident.
“Serious harm can befall people when the security of their personal information is compromised,” Mr Pilgrim said. “It is our view that whenever there is a real risk of serious harm, affected individuals should be notified.”
Data breach notification is not a mandatory obligation applying generally to government and business in Australia. However, there is increased pressure on the Government to introduce laws to make it a general legal requirement as it is elsewhere.
“As legislative change is considered by the Government, the OAIC has updated a guide to assist agencies and organizations to respond to data breaches,” Australian Information Commissioner John McMillan said.
The updated guide is ‘Data breach notification: A guide to handling personal information security breaches’. It outlines four steps to consider when responding to a breach or suspected breach and also outlines preventative measures that should be taken as part of a comprehensive information security plan.
Data breach notification: A guide to handling personal information security breaches is available here.
• Date: 1st May 2012 • Australia • Type: Article • Topic: ISM