How resellers can become protectors of privacy

By on
How resellers can become protectors of privacy
Page 1 of 2  |  Single page

For many businesses, security and privacy is an afterthought. By mid-March, that could all change. Australia is set to endure a massive legal shake-up that could see the Federal Privacy Act become a formidable, prescriptive framework requiring scores of businesses to make security and privacy a priority.

The reforms to the Federal Privacy Act will consolidate and toughen Australia’s disparate privacy laws and give the Federal Privacy Commissioner greater powers of enforcement. The changes were recommended in a landmark 2008 report by the Australian Law Reform Commission. In 2011, the federal government announced it would adopt the reforms, which are slated to come into force on 12 March this year.

There are potentially dramatic impacts on the technology sector which, up until now, has had little legal obligation to beef up security and privacy controls.

“Right now, organisations are beholden only onto the pressure from customers and partners to improve their security posture and prevent breaches,” says Bob Robson of Melbourne-based security reseller and consultancy IPSec. 

“And those organisations that are penetrated could simply sweep it under the carpet.”

The reformed Act introduces requirements and obligations for government agencies and organisations with revenues above $3 million to better protect customer information. It demands that these organisations make clear to customers when their data will be collected, where it will be stored and how it will be used. Any changes to the use of data must be made clear to all affected customers. 

It requires organisations take complete responsibility if their offshore cloud providers are breached, resulting in a compromise of customer data, unless those providers agree or are lawfully required to comply with the new requirements of the Australian Privacy Act. Checkbox compliance could be a thing of the past; after March, organisations could be required to not only purchase security tools, but allocate resources to properly configure and monitor them for aberrations that indicate hackers are inside a corporate network.

At the extreme, we could see supermarket rewards schemes such as flybuys have short URLs printed on receipts that point shoppers to the program’s privacy schemes and checkbox to opt in or out.

READ MORE:

• What is in The Privacy Act?

• The new Privacy Act means opportunities for ‘trusted advisors’

• Sponsored column: What the new principles mean

Government guidance

The conservative federal government could opt to mandate the reform’s sister legislation, the shelved Privacy Alerts Bill 2013, which requires mandatory data breach reporting. This would shine a light on cyber theft for all to see; if hacked, a business could be forced to apologise in national newspapers for not having invested enough in security – and fined up to $1.7 million for serious breaches. 

Robson points out that the reforms may be less prescriptive if the Office of the Australian Information Commissioner (OAIC) is more flexible in the new laws’ security requirements. There is lack of clarity on the interpretation of what are ‘reasonable steps’ to secure customer data. 

Despite the release of the official guidance from the OAIC, the real-world impact remains vague. Laureen Smith, Asia-Pacific vice-president at file sharing software vendor Workshare, says one weakness of the legislation is that “unlike foreign policies regimes... there is no distinction between a ‘data controller’, one who controls and collects the information, and a ‘data processor’, one who holds and processes information on behalf of the ‘data controller’. 

“In foreign privacy policies, limited obligations are placed on the ‘data processor’, while within the Australian legislation there still is an element of uncertainty in the allocation of risk. This makes it particularly challenging when selecting a cloud provider, as the extent of non-compliance risk that rests on the cloud provider and that passed back to the customer is unclear.”

While plenty of questions remain, it is clear that only a brave organisation would risk doing nothing to prepare for the reforms. And here is where opportunities for the channel exist. If the government takes a hard line, IPSec’s Robson says “there could be a flood of purchasing of security gear by organisations”.

Next: Risks and opportunities

Next Page
1 2 Single page
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © nextmedia Pty Ltd. All rights reserved.
Tags:
breaches data privacy reforms security

Partner Content

Channel can help lead customers to boosting workplace wellbeing with professional headsets
Channel can help lead customers to boosting workplace wellbeing with professional headsets
Secure, integrated platforms enable MSPs to focus bringing powerful solutions to customers
Secure, integrated platforms enable MSPs to focus bringing powerful solutions to customers
Kaseya Dattocon APAC 2024 is Back
Kaseya Dattocon APAC 2024 is Back
How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program
How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program
Build cybersecurity capability with award winning Fortinet training from Ingram Micro
Build cybersecurity capability with award winning Fortinet training from Ingram Micro

Sponsored Whitepapers

Easing the burden of Microsoft CSP management
Easing the burden of Microsoft CSP management
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
Pulseway Essential Eight Framework
Pulseway Essential Eight Framework
7 Best Practices For Implementing Human Risk Management
7 Best Practices For Implementing Human Risk Management

Events

techpartner.news MSP index - Brisbane
techpartner.news MSP index - Brisbane
techpartner.news Channel Leader List / Golf day
techpartner.news Channel Leader List / Golf day
techpartner.news Pipeline Conference 2025
techpartner.news Pipeline Conference 2025
Integrate Expo 2025
Integrate Expo 2025
Security Exhibition & Conference 2025
Security Exhibition & Conference 2025

Most read articles

Australian MSP Index launched

Australian MSP Index launched
Ingram Micro Ushers in the Age of Ultra

Ingram Micro Ushers in the Age of Ultra
Announcing Pipeline 2025 tickets, theme & initial speakers

Announcing Pipeline 2025 tickets, theme & initial speakers
Vic gov to spend $100m on cyber security

Vic gov to spend $100m on cyber security

Log in

Email:
Password:
  |  Forgot your password?