The Office of the Australian Information Commissioner (OAIC) has released an updated information security guide with tips on stopping rogue employees and advice on using cloud storage offerings.
The Guide to securing personal information replaces the older Guide to information security and is designed to help government agencies and private sector companies meet their obligations under the Australian Privacy Principles (APPs).
The guide now includes, for example, steps and strategies to minimise the risk of a data breach caused by a trusted employee. There are also tips on designing and building cyber security measures that factor in human error, such as accidentally clicking on a bad website.
The guide also advises organisations on how to create a privacy- and security-aware culture within the workplace, and on the need for that privacy culture to be driven from board level.
There is also a section on using cloud storage solutions such as Dropbox and on the APP requirements that apply when the handling of information is outsourced to a third-party provider such as a cloud services company.
In addition, the guide sets out what the OAIC calls the information lifecycle.
This includes five steps:
- Consider whether to collect personal information
- Use privacy by design
- Assess the risks
- Take appropriate steps and put into place strategies to protect personal information
- Destroy or de-identify personal information