KJR Principal Consultant Sylvia Choa recently shared her expertise and advice for how organisations can solidify their cybersecurity practices in a feature article focusing on Australian privacy law for the Law Society of NSW Journal.
This is an excerpt from the August edition of Law Society of NSW Journal.
Australia is not immune to large-scale privacy breaches, which means strong consumer protections are imperative. A 2019 report published by the OAIC about its notifiable data breaches scheme found that 60 per cent of data breaches were the result of a malicious or criminal attack, while 35 per cent occurred due to human error. The health and financial sectors were found to be most at risk.
“Unless people realise this can happen to them, they won’t take it seriously,” says Sylvia Choa, a cybersecurity expert at technology advisory firm KJR.
She tells LSJ that best practice requires three things. First is minimising data collection and only recording what is actually needed, second is opening a two-way conversation with consumers to ensure consent is given, and third is improving data security.
That means corporate box-ticking is no longer good enough. On top of legal protections, such as the implementation of robust privacy policies, Choa says privacy and cybersecurity training must be conducted regularly, and it must be made relevant to the employees, because education and awareness are the key to protecting sensitive information and avoiding the consequences of a breach.