
Privacy Commissioner launches Guide to Information Security

The Office of the Australian Information Commissioner's Privacy Week has begun in earnest with the unveiling of a Guide to Information Security in Sydney today.

Privacy Commissioner Timothy Pilgrim told delegates at a breakfast briefing that the Guide includes a non-exhaustive list of steps which would be reasonable for an entity to take before new Australian Privacy Principles (APP) reforms take place in March 2014.

The reforms update the Privacy Act 1988 and include changes to how personal information is handled, such as when it can be used for direct marketing and sent overseas.

Commenting on the Guide, Pilgrim said that if an organisation mishandles the personal information of its customers it risks loss of trust and considerable harm to the company's reputation.

"This can also lead to loss of customers and an impact on the organisation's ability to function," he said.

The Guide's steps include robust information asset management, whitelisting or blacklisting of entities, up-to-date security software, user authentication and policies to prevent inappropriate access. It also recommends that organisations develop a data breach response plan and train staff in how to respond to data breaches.

In addition to information security, the Guide has some tips on improving physical security including access logs, alarm systems and audits of paper files.


Privacy by design

Turning to the Guide's privacy aspects, Pilgrim recommended that people look at privacy by design. This involves building privacy into processes, systems, products and initiatives at the design stage.

"Privacy by design is also the focus of Australian Privacy Principle One which requires entities to take reasonable steps to implement systems to show compliance," Pilgrim said.

"Taking privacy by design will be the best insurance your organisation will have against data breaches."

While the Guide is "not binding", he said it sends a clear message about what organisations need to do in the area of information security.

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia
