Australia Updates Breach Guidance

Response Guide Calls for Risk Analysis Approach

The Office of the Australian Information Commissioner has released new guidance for agencies and organizations to respond effectively to data breaches.

Titled "Data breach notification: A guide to handling personal information security breaches," the guidance is an update of an August 2008 document that was prepared "to keep pace with the changing attitudes and approaches to data breach management," according to the OAIC.

The voluntary guide calls for a risk analysis approach. "Agencies and organisations should evaluate data breaches on a case-by-case basis and make decisions on actions to take according to their own assessment of risks and responsibilities in their particular circumstances," OAIC explains on the guide's resource page.

According to the resource page, the guide was developed for the Australian government, private sector organizations and Norfolk Island agencies, all of which handle personal information covered by the Privacy Act.

The guide explains that organizations should put reasonable measures in place to deal with data breaches, including notification to affected individuals and the OAIC, "while legislative change is considered by the government."

In implementing security safeguards around personal information, the guide suggests organizations consider the following steps in fulfilling their information security obligations:

  • Conduct risk and privacy impact assessments;
  • Develop an information security policy;
  • Train staff;
  • Create a position to deal with data breaches;
  • Implement privacy enhancing technologies;
  • Monitor and review for compliance with security policy;
  • Measure performance against Australian and international standards.

About the Author

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.
