Some Australian businesses 'unlikely' to be ready for Privacy Act changes: survey

Seventy four per cent out of 50 IT professionals said it was “highly unlikely” their business would be ready

Some Australian IT professionals have admitted that their organisation won’t be prepared for the Privacy Act amendments which come into effect today, according to the results of a new survey.

Senetas (ASX: SEN) conducted phone interviews with 50 IT workers including CIOs, CTOs, security and network managers during January and February 2014.

Seventy four per cent of respondents said it was “highly unlikely” that their organisation would be ready for the amendments, while 15 per cent said that their company would be ready after reviewing their data security arrangements.

Less than 30 per cent of the respondents had detailed knowledge of the amendments or the new Australian Privacy Principles (APPs). In addition, 14 per cent of the IT professionals had sought legal advice about their potential liabilities under the new regulations.

The report also found that for 90 per cent of respondents, data security planning is driven by commercial factors such as cost. In addition, 95 per cent said that any changes needed to minimise the risk of data breaches – and the potential fine of up to $1.7 million for companies –would be subject to budget and implementation time.

According to Senetas CEO Andrew Wilson, this approach to data security was “concerning” following a number of Australian and overseas data network breaches such as the Target United States breach in January 2014.

“Unless Australia adopts mandatory data breach notification, there is a risk that Australia’s sensitive information will be exposed and that collaboration with international markets seeking business partnerships with those that operate under similar jurisdiction,” he said in a statement.

The survey findings follow a similar report conducted by Clearswift in August 2013 with 200 Australian IT managers.

The Enemy Within report found 35 per cent of respondents did not know about the amendments to the Act, while 73 per cent indicated they were unaware of proposed mandatory data breach legislation. The Bill did not pass the senate before parliament rose prior to the September 2013 election and lapsed.

At the time, Australian Privacy Commissioner Timothy Pilgrim said he was working hard to produce more guidance to help organisations understand the revised obligations.

“The Office of the Australian Information Commissioner [OAIC] has provided comparison guides and checklists, as well as releasing guidance on the APPs,” he said.

“By March 2014, businesses will have had 15 months to prepare. The key concepts underpinning the Privacy Act are not new, the private sector have been working with them for over 12 years now."

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia

Join the CSO newsletter!

Error: Please check your email address.

Tags Timothy PilgrimAustralian Privacy Principlesprivacy actSenetasprivacy

More about Andrew Corporation (Australia)BillClearswift Asia PacificSenetas Corporation

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Hamish Barwick

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place