Cyber Security: A challenge all organisations should take seriously
The Mandatory Notifiable Data Breach (MNDB) scheme, which passed into law in 2022, will take effect in NSW from November 28, 2023.
It amends the Privacy and Personal Information Protection Act 1998 (PPIP Act) and extends agencies' responsibilities to include notifying the NSW Privacy Commissioner and affected individuals following an ‘eligible data breach’.
Whilst the legislation largely affects NSW public sector agencies, it is relevant to:
NSW is the first state to adopt such legislation, and the Queensland Government is currently reviewing similar reform.
Changes take effect in less than 4 months. Here’s what to consider: there are key areas agencies and corporations should review, or apply resources to, before November 28:
Data governance and data risk management
I can’t overstate how important it is for agencies and contractors to:
I recently heard an interesting analogy which compared data to calories –
Have an appropriate Incident Response Plan (IRP)
An IRP must be more than a box-ticking exercise in your risk management framework.
It should be carefully configured and fit for purpose, periodically tested and updated, and have clearly identified roles and responsibilities (including contingency plans).
Make Cyber Security everyone’s business
A cyber event can profoundly impact many people’s lives. Just as data can deliver value for an organisation, there should be a culture of shared responsibility for protecting it. The mindset around cyber security should be that of a ‘Team Sport’, where risk ownership rests with a wide group across the business, including the C-Suite and Board.
Find out more
Need more information? Get in touch and I’ll be happy to assist.