With ever-increasing security requirements, including Australia’s recent Notifiable Data Breaches (NDB) scheme and the EU’s GDPR (General Data Protection Regulation), ensuring compliance is a business-critical function of your IT department. But compliance alone is not enough – you must be able to PROVE your company’s compliance, and that means consistent, clear reporting and competent data analysis.
Before we look more closely at what compliance really means, let’s review WHO is required to be compliant. First, if your company already has obligations under APP 11 of the Privacy Act 1988, it is automatically covered by the NDB scheme. These APP entities are typically Australian Government agencies and private sector and not-for-profit organisations with an annual turnover of more than $3 million. “However, some businesses of any size are APP entities, including businesses that trade in personal information and organisations that provide a health service to, and hold health information about, individuals,” notes the Office of the Australian Information Commissioner.
If your company falls into one of these categories, are you certain it is compliant – and can you prove it? A recent IBM study found that data breaches at Australian companies go undiscovered for at least six months on average. That means your IT department must be able to look back that far: to pinpoint when and how the breach occurred AND to determine exactly which data may have been exposed. In practice, that means retaining logs and access records for longer than that dwell time, because a breach you cannot reconstruct is one you cannot report accurately.
The same IBM study showed that detection and escalation costs continue to rise, reaching $1.19 million in 2017 compared with $1.10 million in 2016. Such costs include:
- Forensic and investigative activities
- Assessment and audit services
- Crisis team management
- Communications to executive management and boards of directors
Your first priority is data security itself – prevention is the best defence against a costly breach. Ensuring data security requires consistent internal assessment and auditing, plus the ability to demonstrate compliance and pass an external regulatory audit. It is this same consistent assessment and auditing that brings a data breach to light much more quickly: the records you keep to prove compliance are the same records an investigator needs to establish what happened.
Bottom line: your reporting must be accurate and your staff skilled in analysing the data your systems process. Are you confident that you have what you need to ensure compliance? At Blutone Technologies, we specialise in creating secure environments and meeting the regulatory standards to which Australian companies must adhere, including not only the NDB scheme but also GDPR and other regulations worldwide. Give us a call today.
Not sure if your business data is secure? Request your FREE Cyber Security Audit from Blutone Technologies today at https://www.blutonetech.com.au/freeaudit/. Let us know what you discover – if you have concerns, we’d be happy to help.