Tag: guidance update

1. Privacy in the time of COVID-19
2. Lead the Way: Liechtenstein and Bavarian Data Protection Authorities Publish Guidance on Data Access and Security
3. APRA raising the bar on Cybersecurity
4. 10 Considerations for Developing a Data Breach Response Plan
5. Government Regulation, Legislation and Enforcement Updates

Privacy in the time of COVID-19

By Cameron Abbott, Rob Pulham, Michelle Aggromito and Rebecca Gill

Nothing can stop us from talking about privacy, not even a pandemic. Yesterday, the Office of the Australian Information Commissioner (OAIC) issued guidance on the collection, use and disclosure of personal information during the COVID-19 pandemic (Guidance).

It mainly serves as a reminder to organisations that even in these pressing times, they must comply with the Australian privacy regime. However, it also highlights what organisations can collect and do with personal information for the purposes of preventing and managing the spread of COVID-19.

Read More

Lead the Way: Liechtenstein and Bavarian Data Protection Authorities Publish Guidance on Data Access and Security

By Cameron Abbott and Max Evans

Drawing on the requirements imposed in respect of privacy and data protection by the General Data Protection Regulation, Liechtenstein and Bavaria have published some useful guidance on several key elements of the relevant regulation.

Read More

APRA raising the bar on Cybersecurity

By Jim Bulling

At the Association of Superannuation Funds of Australia (ASFA) conference held in Brisbane in the last week of November, Stephen Glenfield, APRA’s General Manager of the South West region indicated that an area of significant interest for APRA during 2016 would be the extent to which superannuation funds were prepared for cybersecurity risks.

Mr Glenfield indicated that APRA would be conducting a thematic review of superannuation funds during 2016, designed to give APRA much more detailed information about the processes that superannuation fund trustees were putting in place to protect their funds and their members from cybersecurity breaches.

As thematic reviews carried out by APRA are usually precursors to further regulatory or prudential reform, this announcement should alert superannuation funds to expect more comprehensive regulatory requirements in relation to cybersecurity risks in the near future.

It is expected that APRA will be particularly interested in understanding how superannuation fund risk management frameworks address cybersecurity risks and how trustee boards are involved in the oversight of cybersecurity risk management. A likely focus of the reviews will be investigating the measures which superannuation funds have established to:

  • identify critical assets and data
  • protect such assets and data
  • promptly detect when breaches have occurred
  • respond to breaches including communications and reporting
  • recover from breaches including reinstatement of systems and learnings from incidents.

This initiative comes on the back of ASIC's release, in March of this year, of its Report 429 on Cyber Resilience, and underlines how Australia's financial system regulators are becoming much more concerned about cybersecurity risks.

10 Considerations for Developing a Data Breach Response Plan

By Jim Bulling and Michelle Chasser

A quick response to a data breach is key to mitigating its impact. The Office of the Australian Information Commissioner (OAIC) recommends that all entities have a data breach response plan in place and has recently released draft guidance on how to develop such a plan.

The guidance recommends that the plan set out the actions to be taken in the event of a breach and the team members responsible for those actions. Here are some questions for your organisation to consider, based on the OAIC's draft guidance for developing a data breach response plan.

1. What constitutes a data breach?

2. What actions should your staff take?

3. Who is a member of the response team?

4. When does a breach need to be escalated to senior management?

5. Who is responsible for contacting and managing any affected individuals?

6. Who decides whether to contact law enforcement or regulators?

7. How are records of data breaches kept?

8. How will you identify and address any weaknesses in data handling that contributed to a data breach?

9. Are there any steps your cybersecurity insurance policy requires you to follow?

10. How will you test your response plan?

The OAIC's Guide to developing a data breach response plan (consultation draft) can be found here.

Government Regulation, Legislation and Enforcement Updates

By Jim Bulling and Julia Baldi

Australian Federal Government Cybersecurity Review
The Australian Federal Government is conducting a Cybersecurity Review.

See the Australian Government’s summary of the review here.

SEC Guidance Update
The SEC's Investment Management Division published a Guidance Update outlining measures that managed funds and investment advisers may wish to consider in addressing cybersecurity risk. The guidance includes practical tips that are equally applicable to Australian entities.

See the Guidance Update here.

Read More

Copyright © 2024, K&L Gates LLP. All Rights Reserved.