The Australian Prudential Regulation Authority (APRA) regulates Australia’s financial services industry and, as such, has responsibility for compliance and governance over all aspects of the finance industry. This is a wide and complex remit, since financial services cover a wide range of specific business types, so when they announced their draft standard for cyber security last week, APRA CPS 234, it immediately begs the question, how can it be applied?
Read MoreAcross the EU, and internationally, security teams are wrestling with the incoming (or pre-existing) legislation on privacy, security, data protection and mandatory data breach notification or reporting.
Read MoreAs the GDPR deadline looms there are still programmes and projects underway in many organisations to achieve compliance – both private and public sector. It is easy to characterise GDPR and its requirements (including for data breach notifications) as a boon for consumers and a challenge for businesses or a marketing opportunity for consultants and lawyers and a life sentence for security teams.
Read MoreRead MoreFebruary 22nd is fast approaching, this is the day that mandatory data breach notification (MDBN) finally becomes law in Australia.
As 2018 dawns, the time to achieve compliance with GDPR tightens. Issues like the right to be forgotten and the need to set up processes to handle data breach notifications become pressing issues. For some organisations the process of issuing a data breach notification itself will be completely new.
Read MoreAs the title suggests, there are two communities who will very soon be forced to come to terms with data breach notifications as these are required by the EU GDPR that comes into force in May 2018.
Read MoreWe hear various cyber security quotes in conversations about threats and risks and the need to protect information. There are a few things that are perennially the case in the field of cyber security – they all hinge around really rapid growth:
Read MoreWhen organisations investigate their obligations under GDPR one of the most significant challenges is the mandatory nature of the breach notification process. Organisations have 72 hours to inform regulators and notify data subjects as soon as possible thereafter. This blog look at some key considerations when researching GDPR Data breach notification service providers.
Read MoreOne of the most hotly talked about requirements of the EU GDPR is the need to notify the authority within 72 hours of when a data breach is detected (in the UK this is the ICO – www.ico.org.uk). This requirement for data breach notifications is not unique to the EU, GDPR is supra-national so it applies to all organisations that process the data of EU citizens. Additionally, other countries have, or are planning, similar rules to mandate. The UK will have to implement equivalent rules after Brexit in order to continue to exchange information with the EU; but countries like Australia have also set out their own mandatory data breach notification requirements which are similar to the EU.
Read MoreThe new GDPR data breach notification requirement will, from May 2018, impose a need for businesses to advise the data protection authority (in the UK this is the ICO) when they have a notifiable privacy breach.
Read More