Data Security Project

Is your entity fully prepared to detect, defend against, and respond to cyber-attacks and data breaches?

What to do?

Start by assessing the following:

  • Do you encrypt, pseudonymise, or anonymise personal information wherever possible?

  • Do you have IT policies (BYOD, password, data management, IT procurement, network access) in place? Are they up to date and being complied with?

  • Have you taken the necessary steps to protect personal information under your organisation's control? Do you use encryption for all personal information in transit and at rest?

  • Have you considered the benefits of conducting data privacy impact assessments (DPIAs), and do you have a process in place to carry them out? Are the relevant employees trained on that process?

  • Is personal information secured in locations with limited (or just-in-time) access? Are user, application and backend access controls correct and up to date?

  • Does your organisation test local, cloud-based and third-party-controlled applications for security suitability before approving them for use?

  • Do you ensure that your entity has "fit for purpose" security software and hardware to help with the prevention, detection and response to security incidents? Examples include multi-factor authentication on critical systems, anti-virus/anti-malware suites, actively managed proxy firewalls, intrusion detection systems and enterprise incident response applications.

  • Are proactive steps in place to build a holistic privacy culture and awareness (e.g. training, education, phishing and social engineering exercises)?

  • Are relevant security information and performance metrics being reported to executives and the board?

  • Do you have a process in place to notify the Office of the Privacy Commissioner (PrivCom) and affected individuals in the event of a data breach?

