
Governments are getting serious on Cyber Security. You should, too

Cyber Security: A challenge all organisations should take seriously

The Mandatory Notifiable Data Breach (MNDB) scheme which passed into law in 2022 will take effect in NSW from November 28, 2023.

This amends the Privacy and Personal Information Protection Act 1998 (PPIP Act) and extends responsibilities to notifying the NSW Privacy Commissioner and affected individuals following an ‘eligible data breach’.

Whilst the legislation largely affects NSW public sector agencies, it is relevant to:

  • any private sector business contracting to government/public sector agencies (e.g., an IT firm hosting, collecting or processing agency data)
  • most businesses, as the legislation guidelines can help enhance cyber security.

NSW is the first state to adopt such legislation, and the Queensland Government is currently reviewing similar reform.

Changes take effect in less than 4 months. Here’s what to consider: these are the key areas agencies and corporations should review (or apply resources to) before November 28.

Data governance and data risk management.

I can’t overstate how important it is for agencies and contractors to:

  • clearly understand your data landscape, and what data you are holding
  • have robust data governance measures relating to the collection, storage and purging of Personally Identifiable Information (PII) and other sensitive data.

Also consider:

  • why the data is being collected
  • what this data is used for, and if it’s still required
  • the legal obligations and value in retaining data versus the risk and cost of doing so
  • how to keep data secure on an ongoing basis, given cyber threats will only increase

I recently heard an interesting analogy which compared data to calories –

  • It is necessary but make sure you don’t collect it to excess
  • Ensure that you are consuming/collecting the right sort (only that which you need or are legally required to hold)
  • Keep asking yourself, do you need it, and can you get rid of some? Do you have a purging policy for safely disposing of data and, if not, can this be introduced?


Have an appropriate Incident Response Plan (IRP)

An IRP must be more than a box-ticking exercise in your risk management framework.

It should be carefully configured and fit-for-purpose; periodically tested and updated; with clearly identified roles and responsibilities (including contingency plans).

Make Cyber Security everyone’s business

A cyber event can profoundly impact many people’s lives. Just as data can deliver value for an organisation, there should be a culture of shared responsibility for protecting it. The mindset around cyber security should be that of a ‘Team Sport’, where risk ownership rests with a wide group across the business, including the C-Suite and Board.

Find out more

You can access information on the Scheme here.

Need more information? Get in touch and I’ll be happy to assist.
