Regulatory demands around how security incidents are handled are increasing in several areas. One of the main, and most pressing (oppressing?) sets of requirements comes from GDPR, but PSD2 also has a set of standards.
PSD2 – The second EU Payment Services Directive – is set to open up and expand the range of financial services offerings and organisation types way beyond the traditional banks. As a directive the payment services rules are defined by the EU but must be implemented by member states in either local legislation or regulations.
Should the changes to privacy laws make us rethink log retention? Does your Security Operations Centre (SOC) collect and store logs? The answer is, almost certainly ‘yes’. Even the most basic security operations activities include analysing security events, such as those produced by end user computers, web filters, email systems, databases and network appliances.
With 63 reported data breaches in the first six weeks, the OAIC has its work cut out. Australia’s Mandatory Data Breach Notification (MDBN) scheme came into force on 22nd February 2018, and in the first six weeks there have been 63 cases reported to the Office of the Australian Information Commissioner (OAIC).
Much has been written about the processes, technologies and overheads of handling data breach notifications from the point of view of the organisations that may suffer breaches. Less has been mentioned on effects of these notifications on data subjects or on other, seemingly unaffected organisations.
The Australian Prudential Regulation Authority (APRA) regulates Australia’s financial services industry and, as such, has responsibility for compliance and governance over all aspects of the finance industry. This is a wide and complex remit, since financial services cover a wide range of specific business types, so when APRA announced its draft standard for cyber security last week, APRA CPS 234, it immediately raised the question: how can it be applied?
Across the EU, and internationally, security teams are wrestling with the incoming (or pre-existing) legislation on privacy, security, data protection and mandatory data breach notification or reporting.
As the GDPR deadline looms there are still programmes and projects underway in many organisations to achieve compliance – both private and public sector. It is easy to characterise GDPR and its requirements (including for data breach notifications) as a boon for consumers and a challenge for businesses or a marketing opportunity for consultants and lawyers and a life sentence for security teams.
February 22nd is fast approaching. This is the day that mandatory data breach notification (MDBN) finally becomes law in Australia.
As 2018 dawns, the time to achieve compliance with GDPR tightens. Issues like the right to be forgotten and the need to set up processes to handle data breach notifications become pressing issues. For some organisations the process of issuing a data breach notification itself will be completely new.