Tuesday, 08 November 2022 22:23

AIIA calls on Government to introduce safe harbour and reconsider proposed penalties for data breaches Featured

By

The Australian Information Industry Association (AIIA) is calling on the Albanese Government to take a positive, collaborative approach to the complex issue of cybersecurity, cautioning against adopting a heavy-handed or exclusively punitive response to recent high-profile data breaches.

The AIIA is a not-for-profit organisation aimed at fuelling Australia's future social and economic prosperity through technological innovation. Its call comes on the heels of the Privacy Legislation Amendment (Enforcement and Other Measures Bill) 2022, currently working its way through the Australian parliamentary process.

The bill states it "would amend three Commonwealth Acts to increase penalties for serious or repeated interferences with privacy, enhance the Australian Information Commissioner’s enforcement powers, and provide the Commissioner and the Australian Communications and Media Authority with greater information sharing powers."

The bill comes in response to a spate of recent high-profile data breaches among Australian organisations such as Optus and Medibank and seeks to increase penalties to the greater of $50 million, 30% of turnover, or three times the value of any benefit obtained through the misuse of information.

However, the AIIA has made a submission to the Senate's Legal and Constitutional Affairs Committee questioning the arbitrary nature and quantum of penalty increases, stating these could have unintended consequences. Further, the AIIA calls on the Government to implement a safe harbour provision in its privacy legislation, protecting businesses from penalties if they can demonstrate good faith and due diligence in reporting, including by implementing best-practice cyber security frameworks.

The AIIA states this would ensure the system encourages transparency and willingness to resolve major data breaches, and to seek assistance in doing so.

It is the AIIA's position that focusing on incentivising help-seeking and reporting behaviours by businesses who have been subject to data breaches is the proper response by Government and legislation.

The problem is, the AIIA states, data breaches can be the result of actors so sophisticated that a breach may well be unavoidable, thus a well-developed privacy and penalty regime ought to be encouraging good behaviour and providing support, instead of being heavy-handed and exclusively punitory.

AIIA CEO Simon Bush said, “All Australians have been concerned with the recent cyber-attacks on major Australian businesses. We rightly have high expectations of organisations who have our data. That is why we want the Government and industry to work together to uplift cyber security and data governance across all sectors. Rather than punishing businesses acting in good faith for being the subject of attacks and breaches, some of which may be beyond their control or instigated by sophisticated actors, we want to see the government work to implement best-practice data security and work with industry to uplift cyber security across the board.

“The Privacy Act review currently underway is the most appropriate vehicle for dealing with powers and penalties needed for privacy protections in a cohesive and coordinated way. As yet, we don’t know whether SMEs will be included in Australia’s privacy regime once the Privacy Act is updated. This is an important decision that will have a significant impact on many organisations.

“Working to build greater capabilities, by upskilling and elevating data practices, is the best way forward for Australia. This starts with growing the skills of Australia’s ICT workforce. Our members tell us regularly that hiring staff skilled in cyber security is one of the most in-demand ICT skills, but this is also one of the leading skills our members tell us they are unable to adequately source in Australia.

The Albanese Government has been responsive to industry recommendations to date, including the AIIA’s call for reconvening the Data and Digital Ministers’ Meeting which met last week, and we hope this will continue," Bush said.

Read 2740 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here




WOMEN IN PROCESS MINING VIRTUAL EVENT

Enterprises are looking to integrate AI into process mining to future proof their operations.

The recently formed Australian chapter of Women in Process Mining (WIPM) is hosting a Zoom event from 1pm to 2pm on November 14 on the topic Using AI for Process Optimisation.

WIPM is a community designed for women in process mining; to strengthen their leadership, magnify their influence, and pave the way for process mining together.

The event is being hosted by Chapter Leads Kanika Goel, PhD, Claudia M., and Susana Zavaleta, with special guest speaker Jack Basley from global process mining leader Celonis

Register for the Zoom event now!

REGISTER!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
David M Williams

David has been computing since 1984 where he instantly gravitated to the family Commodore 64. He completed a Bachelor of Computer Science degree from 1990 to 1992, commencing full-time employment as a systems analyst at the end of that year. David subsequently worked as a UNIX Systems Manager, Asia-Pacific technical specialist for an international software company, Business Analyst, IT Manager, and other roles. David has been the Chief Information Officer for national public companies since 2007, delivering IT knowledge and business acumen, seeking to transform the industries within which he works. David is also involved in the user group community, the Australian Computer Society technical advisory boards, and education.

Share News tips for the iTWire Journalists? Your tip will be anonymous

Subscribe to Newsletter

*  Enter the security code shown: img0

WEBINARS & EVENTS

CYBERSECURITY

PEOPLE MOVES

GUEST ARTICLES

Guest Opinion

ITWIRETV & INTERVIEWS

RESEARCH & CASE STUDIES

Channel News

Comments