This presentation covers:
- The obligations to keep information secure and report data breaches under the Security of Critical Infrastructure Act 2018, the Privacy Act 1988, APRA Prudential Standard CPS 234 and the Corporations Act 2001.
- The obligations and best practices for:
  - Preparing for a cyber incident;
  - Reporting to regulators before, during, or after a cyber incident; and
  - Responding to the consequences of a cyber incident.
- Preparing for the foreshadowed overhaul of the Privacy Act 1988 (Cth)
- The importance of a fit-for-purpose information and data governance framework to improve information security and minimise risks and costs in the event of a data breach, and for integrated reporting to the board to enable adequate risk management of data and technology risks
- Ensuring that the risk management framework is fit for purpose to adequately manage risks at the intersection of data, technology and regulatory compliance