Why businesses should have a privacy audit ahead of February 22

On February 22, the government’s mandatory data breach notification scheme will come into effect. The scheme requires organisations to notify the Office of the Australian Information Commissioner (OAIC) and the affected individual if the organisation experiences a data breach that compromises personal information and is likely to cause serious harm. Failing to comply with the scheme could result in heavy fines as well as the less-tangible loss of customer faith, according to Aleron.

Jason Akkari, Security consultant, said, “All businesses subject to the Privacy Act need to comply with the new scheme. This includes government organisations as well as businesses and not-for-profits with an annual turnover of more than $3 million. If these businesses can demonstrate to customers that they are working hard to protect their privacy, then customers are more likely to remain loyal and it will be easier to attract new customers.

“Some organisations may already have all the right measures in place to comply with the scheme. For others, there may be weak spots in the organisation’s security approach or technologies that make a data breach more likely. Prevention is definitely better than cure in this case, so it’s important for organisations to focus their efforts on making sure they minimise the risk of a data breach.”

There are five key steps businesses should take to prepare for the mandatory data breach notification scheme:

1.  Confirm whether the business is subject to the scheme.
2.  Know what types of information the business’s systems hold.
3.  Put security controls in place to appropriately protect data based on its confidentiality or sensitivity.
4.  Put measures in place to detect potential breaches.
5.  Develop a response plan to effectively react if a data breach is suspected.

To help organisations prepare for the mandatory data breach notification scheme, Aleron is offering a comprehensive privacy audit. Customers will be able to see how their organisation stacks up and will be able to take appropriate steps to plug any gaps.

As part of the privacy audit, Aleron checks all of the organisation’s systems against the Australian Privacy Principles (APP) 13 key privacy principles to identify any gaps. The team then provides a comprehensive audit across all systems that collect and store personally identifiable information to measure their alignment with the privacy principles. This includes chapter 11, which focuses on security of personal information, which is crucial to effectively complying with the data breach notification scheme.

Aleron uses its own proprietary risk assessment platform, to highlight high-risk systems that require action. The process includes measuring the sensitivity of the data and the degree of security gap.
The team then recommends any additional action the organisation may need to take to strengthen its security or improve its processes.

Jason Akkari said, “This process helps businesses focus their resources on fixing the areas of most concern. Aleron’s solution lets businesses make changes at a high level that can then flow through to various systems. This efficient approach helps them plug gaps faster and more effectively.

“Importantly, the privacy audit gives business leaders confidence that their company is ready to comply with the new legislation.”