New data breaches act comes into effect
Australia’s Privacy Amendment (Notifiable Data Breaches) Act 2017 comes into effect today, with almost every business affected.
The regulation will require all businesses to report any data breach “that is likely to result” in serious harm to an individual.
Despite the introduction looming, three in five businesses (59 per cent) are unaware of the incoming legislation and what it means for them, according to Canon Australia’s latest report.
“Third-party suppliers present a cyber security blind spot for many businesses,” said Gavin Gomes, director of Canon Business Services.
“A business’ security posture doesn’t solely depend on its own efforts. Internally, a business could be a fortress, but the walls could come crashing down if a supplier’s security measures aren’t as robust – this should be number one on every boardroom’s agenda at the moment.”
Meanwhile by 2020, the millennial generation is anticipated to make up 42 per cent of the Australian workforce, according to research from Forcepoint, which added when it comes to protecting data, Australia’s young adults are surprisingly carefree.
According to a global report by Raytheon Intelligence, Information and Services, Forcepoint and the National Cyber Security Alliance (NCSA), the proportion of young Australian adults who share passwords with non-family members in 2017 was 37 percent.
The report found 44 per cent of millenials protect their tablet with a password – compared with 87 per cent who protect their mobile with a password and 85 per cent who protect their desktop with a password.
More than 90 per cent of ASX listed businesses, government departments, and large NGOs were exposed to a data breach in 2016, according to Forcepoint.
“Today, these breaches can no longer be swept under the carpet,” said Guy Eilon, country manager – Forcepoint, Australia.
“Compliance with Notifiable Data Breaches (NDB) scheme is only the beginning. The true success of this new law will be judged on the behavioral and cultural shifts that it seeks to drive within our organisations.”
“At best, this moment of legislative history should spark a step-change in the way we secure data – moving from a threat-centric to a human-centric approach; one that protects data at the human point – the intersection of users, data & networks. At the very least, it should start to unravel the scale of the challenge we already face.”