February 22, 2024

We are creating some awesome events for you. Kindly bear with us.

NSW Government Drafts Data Breach Notification Bill

After over two years of consultation, the government of New South Wales (NSW) has published an exposure draft of its long-awaited bill for mandatory data breach notifications. The bill specifies reporting thresholds ahead of the planned introduction of the scheme.

The exposure draft, which is open for consultation until 18 June 2021, follows over two years of work by the departments of Communities and Justice and Customer Service, as well as the privacy commissioner. NSW became the first state or territory to pledge to introduce such a scheme in February 2020, more than five years after former privacy commissioner Elizabeth Coombs first called for such laws.

The Privacy and Personal Information Protection Amendment Bill intends to fill the gap left by the Commonwealth’s notifiable data breach scheme, which applies to federal government agencies but not state government agencies or local councils. It will require all departments and agencies, state-owned corporations, local councils and some universities in NSW to report breaches likely to result in “serious harm” to affected individuals and privacy commissioner. The bill also closes a regulatory loophole by applying NSW’s Privacy and Personal Information Protection Act to state-owned corporations not already regulated by the Commonwealth Privacy Act.

According to the bill, a serious breach occurs when there is “unauthorised access to, or unauthorised disclosure of, personal information”, which is likely to result in serious harm to individuals involved. Personal information can include photos, contact details and fingerprints, as well as health information about an individual’s physical or mental health, disability or any other information related to the provision of health services.

When the agency suspects a breach has occurred, it must conduct an assessment with 30 days to determine whether it meets the threshold for notifying affected individuals and the privacy commissioner. An extension may be approved if the assessment “cannot reasonably be conducted” within that timeframe, though the agency head will need to report this to the privacy commissioner and provide updates.

In instances where an agency can identify individuals affected by a breach, it must notify them “as soon as practicable”. If the agency is unable to determine the affected individuals, it will be required to publish the notification on a public register for at least 12 months.

Agencies may be exempt from notifying the affected individuals and the privacy commissioner if doing so will prejudice an investigation or is related to matters before the court. Further exemptions exist for agencies that “take action to mitigate the harm done by the breach” before access or disclosure results in serious harm or if notification could lead to further breaches.

The bill will also give the privacy commissioner new powers to enter the premises of entities and inspect anything that may relate to compliance with the scheme, including processes and systems, and conduct audits. The NSW Digital Minister said the introduction of the scheme was supported by the Information and Privacy Commission and Cyber Security NSW “to clarify agency obligations”.

The bill is expected to be introduced to parliament later this year and if passed, will commence following a 12-month period to give agencies enough time to put in place the necessary compliance mechanisms.

The need to boost national cybersecurity

Recently, the Federal Government pledged $745,920 in funds for a new cybersecurity centre to help train and support Australian small businesses to deal with cyber-attacks. While the announcement is welcome news for Australian businesses, it also spells good news for consumers that will benefit from better data security.

The Cybersecurity Aid Centre will be located in Parramatta, NSW, and run by Western Sydney University. Funding for the program will form part of the Cyber Security Business Connect and Protect Grants Program, a government initiative that connects businesses with trusted cybersecurity companies to improve their cyber awareness.

The centre will offer businesses training seminars on cyber response, including how to deal with data breaches, ransomware attacks and email vulnerabilities. Businesses will also have access to a host of resources about cyber-attack including a Cyber Suite and Toolkit.

A hotline will be available to walk both consumers and businesses through the confusing and stressful process of what to do when they are experiencing a cyber-attack, including how to uplift defences as part of effective business operations.

PARTNER

Qlik’s vision is a data-literate world, where everyone can use data and analytics to improve decision-making and solve their most challenging problems. A private company, Qlik offers real-time data integration and analytics solutions, powered by Qlik Cloud, to close the gaps between data, insights and action. By transforming data into Active Intelligence, businesses can drive better decisions, improve revenue and profitability, and optimize customer relationships. Qlik serves more than 38,000 active customers in over 100 countries.

PARTNER

CTC Global Singapore, a premier end-to-end IT solutions provider, is a fully owned subsidiary of ITOCHU Techno-Solutions Corporation (CTC) and ITOCHU Corporation.

Since 1972, CTC has established itself as one of the country’s top IT solutions providers. With 50 years of experience, headed by an experienced management team and staffed by over 200 qualified IT professionals, we support organizations with integrated IT solutions expertise in Autonomous IT, Cyber Security, Digital Transformation, Enterprise Cloud Infrastructure, Workplace Modernization and Professional Services.

Well-known for our strengths in system integration and consultation, CTC Global proves to be the preferred IT outsourcing destination for organizations all over Singapore today.

PARTNER

Planview has one mission: to build the future of connected work. Our solutions enable organizations to connect the business from ideas to impact, empowering companies to accelerate the achievement of what matters most. Planview’s full spectrum of Portfolio Management and Work Management solutions creates an organizational focus on the strategic outcomes that matter and empowers teams to deliver their best work, no matter how they work. The comprehensive Planview platform and enterprise success model enables customers to deliver innovative, competitive products, services, and customer experiences. Headquartered in Austin, Texas, with locations around the world, Planview has more than 1,300 employees supporting 4,500 customers and 2.6 million users worldwide. For more information, visit www.planview.com.

SUPPORTING ORGANISATION

SIRIM is a premier industrial research and technology organisation in Malaysia, wholly-owned by the Minister​ of Finance Incorporated. With over forty years of experience and expertise, SIRIM is mandated as the machinery for research and technology development, and the national champion of quality. SIRIM has always played a major role in the development of the country’s private sector. By tapping into our expertise and knowledge base, we focus on developing new technologies and improvements in the manufacturing, technology and services sectors. We nurture Small Medium Enterprises (SME) growth with solutions for technology penetration and upgrading, making it an ideal technology partner for SMEs.

PARTNER

HashiCorp provides infrastructure automation software for multi-cloud environments, enabling enterprises to unlock a common cloud operating model to provision, secure, connect, and run any application on any infrastructure. HashiCorp tools allow organizations to deliver applications faster by helping enterprises transition from manual processes and ITIL practices to self-service automation and DevOps practices. 

PARTNER

IBM is a leading global hybrid cloud and AI, and business services provider. We help clients in more than 175 countries capitalize on insights from their data, streamline business processes, reduce costs and gain the competitive edge in their industries. Nearly 3,000 government and corporate entities in critical infrastructure areas such as financial services, telecommunications and healthcare rely on IBM’s hybrid cloud platform and Red Hat OpenShift to affect their digital transformations quickly, efficiently and securely. IBM’s breakthrough innovations in AI, quantum computing, industry-specific cloud solutions and business services deliver open and flexible options to our clients. All of this is backed by IBM’s legendary commitment to trust, transparency, responsibility, inclusivity and service.

Send this to a friend