Information security, the Australian Privacy regime, and what it means
for IT security practitioners
On the 21st of December 2001, much of the Australian private sector (any
company with a turnover of more than $3 million, and all health related
companies) will start coming under a privacy regime that few outside the
government sector, who have had to comply for almost a dozen years
already, understand or have experience in meeting. Indeed, the final
guidelines from the Privacy Commissioner will only be available at the
start of October. While noncompliance with the national privacy
principles does not yet attract criminal sanctions, it is quite clear
that it will attract the attention of the Privacy Commissioner and the
press.
This presentation is intended to inform you about what is personal and
sensitive information, what you need to do in handling and storing such
information, and what we believe are best current practices in this
area. If you are working for a company that has such common databases as
commercial contacts or staff phone numbers, you do need to consider
whether you, as an IT practitioner, are taking all reasonable steps to
prevent unauthorised access, modification, or disclosure of that data,
as well as ensuring its accuracy.
Do you have a data spillage plan? Can you legally send a resume to your
office in New Zealand? When should you destroy private information? If
you can answer all of those correctly, you don't need to come.