Category: Government Regulation, Legislation & Enforcement

1. Mandatory Data Breach Reporting in 60 seconds
2. US Government reaches for data stored on foreign soil
3. The Essential Eight: Strategies for Security for Commonwealth Government Agencies
4. Just one of 734: Australian defence contractor hacked
5. SEC wants to collect more information – but can they protect it?
6. Privacy risks in collecting donations
7. Elon Musk Acquires X.com
8. Time is Running Out – Compliance with new EU Data Protection Rules (GDPR)
9. Together we are stronger – Australia and Singapore partner up on cybersecurity
10. Australia and China to Cooperate Against Cybercrime

Mandatory Data Breach Reporting in 60 seconds

By Cameron Abbott

The notifiable data breach scheme, as outlined in the Privacy Amendment (Notifiable Data Breaches) Act 2017 (Cth), commenced yesterday, 22 February. Under this new scheme, in the event an organisation experiences a data breach that is likely to result in serious harm to any individual, that organisation will be required to notify the Australian Information Commissioner and any affected individual(s) of the breach. This 60 second video will help you prepare your organisation for these changes.

 

US Government reaches for data stored on foreign soil

By Cameron Abbott and Harry Crawford

A significant case for digital privacy is currently before the US Supreme Court, with the US Justice Department fighting it out against Microsoft in a bid to gain access to emails held on Microsoft’s servers in Dublin. The US Justice Department is seeking to use a search warrant to access the emails in Ireland in a drug trafficking case. If a precedent is set which allows the US government to access data stored on foreign soil, that could have a significant impact on privacy rights on a global scale.


The Essential Eight: Strategies for Security for Commonwealth Government Agencies

By Cameron Abbott, Keely O’Dowd and Olivia Coburn

The Federal Parliament’s Joint Committee of Public Accounts and Audit, tasked with inquiring into the cyber resilience of certain Commonwealth entities, has recommended that all such entities adopt a cyber security mitigation strategy called the Essential Eight. The Committee made this recommendation in its Report 467: Cybersecurity Compliance Inquiry based on Auditor-General’s report 42 (2016-17) (Report). Tarantino’s Hateful Eight is perhaps a little more convoluted than these simple touchstones of good practice. The Essential Eight are good reading for all enterprises, not just government agencies.

Just one of 734: Australian defence contractor hacked

By Cameron Abbott and Olivia Coburn

A hacker has breached the computer system of an unnamed defence contractor and stolen 30 gigabytes of data, including information on Australia’s $17 billion Joint Strike Fighter program.

The data breach, which the Australian Government publicly disclosed last week, also includes information about Australia’s $4 billion P-8 surveillance plane project, Collins Class submarines and the warships HMAS Canberra and HMAS Adelaide. The Government has emphasised that the stolen data is commercially sensitive but not classified.

The announcement coincides with the release of the Australian Cyber Security Centre’s 2017 Threat Report, available here, which reveals that the hack is among 734 cyber incidents affecting private sector systems of national interest and critical infrastructure providers.


SEC wants to collect more information – but can they protect it?

By Cameron Abbott and Olivia Coburn

The United States Securities and Exchange Commission (SEC) is facing scrutiny on its handling of a data breach that occurred in 2016 – but was only publicly disclosed on 20 September 2017.

Hackers accessed information on corporate filings intended for investors, which would be used for insider trading.


Privacy risks in collecting donations

By Cameron Abbott and Olivia Coburn

Charities are increasingly employing commercial approaches to funding, lobbying and fundraising to fuel their invaluable work. In doing so, charities need to be cautious of mishandling the donor’s personal information that they collect together with the donation.

Donors are frequently being asked to provide information such as home address, email address and their mobile phone number. In some instances charities will not accept money unless this personal information is also provided.


Elon Musk Acquires X.com

By Cameron Abbott and Olivia Coburn

Elon Musk has repurchased X.com, a website he created 18 years ago in 1999, although his intentions for the purpose of the domain remain unclear.

X.com was one of the world’s first online banks, insured by the FDIC and partnered with Barclays. X.com was initially intended to be a full-service online financial institution, but could not overcome regulatory challenges. At that time, financial regulatory systems were not equipped to deal with the products that X.com was offering, which included online savings accounts, brokerage services and insurance products.

Time is Running Out – Compliance with new EU Data Protection Rules (GDPR)

By Cameron Abbott and Edwin Tan

Companies are failing to prepare adequately for the new EU General Data Protection Regulation (GDPR) coming into effect on 25 May 2018, less than a year from today.

A partner at Crowe Horwath was quoted in the Financial Times as saying that a recent survey found that over 60% of financial services companies were only just starting to get ready for GDPR, or were still trying to understand the gaps they needed to address. This is a particular concern as long timeframes may be needed to remedy any identified gaps, particularly where legacy IT systems are used. In addition, other companies are viewing the GDPR as a “nuisance”, treating it as a check-box ticking exercise rather than a serious compliance issue.

The GDPR will require companies to adopt much stricter procedures and processes when handling customer data. The maximum fine for non-compliance is 4 percent of the previous year’s annual global turnover, or €20 million, whichever is the greater. In addition, company executives can also face criminal penalties if deemed responsible for data breaches.

Companies must start work immediately on implementing changes required by the GDPR in order to avoid exposure to significant liability. Read more about the GDPR here.

Together we are stronger – Australia and Singapore partner up on cybersecurity

By Cameron Abbott and Allison Wallace

A freshly inked Memorandum of Understanding between Australia and Singapore will see the two countries strengthen their cybersecurity through a joint effort to build a secure and resilient cyber space.

The two-year partnership, which was signed last week, will see Singapore’s Cyber Security Agency work with the Australian government to conduct regular information exchanges on cyber threats, share best practices to promote innovation in cyber security, and build cyber security capabilities.

Australia and China to Cooperate Against Cybercrime

By Cameron Abbott and Edwin Tan

On 21 April 2017, Australian and Chinese Government representatives attended the inaugural Australian-China High-Level Security Dialogue. The Dialogue was launched to promote discussion between the two countries in the areas of counter-terrorism, cybercrime and other important security issues.

According to a joint statement by both parties, Australia and China reaffirmed their commitment to cooperate on cybersecurity issues. The key commitments include:

  • supporting the work of the UN Group of Governmental Experts and acting in accordance with its reports;
  • establishing an information-sharing mechanism to assist in combating cybercrime and preventing cyber incidents that could cause problems between the countries;
  • working together against internet distribution of child sex abuse material, e-mail scams and other transnational cybercrime activities;
  • discussing options for joint operations against cybercrime; and
  • exchanging cybersecurity delegations and regulatory documents to enhance understanding, cooperation and mutual trust.

The second High-Level Security Dialogue session will be held in China in the first half of 2018. One imagines that this is a tricky dialogue to foster, but clearly Australia takes the view that it is better off having China “in the tent than out”. Read the joint statement here.

Copyright © 2024, K&L Gates LLP. All Rights Reserved.