Australia has been an important site for digital development in the past decade, with wide-ranging innovations and a focus on digital innovation and transformation as a core priority. During this time, there has also been a rapid increase in the consumer digital data held by businesses, making data security a topic of scrutiny among the public and policymakers alike. Maintaining a strong digital fortress is therefore the top imperative for businesses that wish to sustain consumer trust.
The public demand for data security is reflected in improving data regulations. This is a domain where Australia, thanks to our Notifiable Data Breach (NDB) legislation, which came into effect in February this year, has a head start.
Beyond our home-grown NDB regulations, the implementation of Europe’s General Data Protection Regulation (GDPR) in May 2018 has set a precedent that is likely to motivate other governments worldwide to further tighten the screws on privacy protection, for instance by setting punitive financial penalties when companies mishandle customer data, demanding stricter internal risk management controls, and putting compulsory data breach notification requirements into law.
In the global economy, these regulations will affect Australian businesses and the way they handle data, and businesses that do not handle it correctly will face the consequences. Staying informed on best practice is essential to protecting your business, which is why we are currently touring the FortiExpress, a mobile threat intelligence lab, across regional centres in Australia, educating businesses across the country from Cairns to Geelong.
Steps to take for businesses to protect their data, and themselves
Security and the need to protect sensitive and confidential information are becoming a critical part of business operations, and every business needs to be aware of major regional data privacy legislation and how it will apply to them. Non-compliance can be costly and lead to serious damage to corporate reputation.
For Australian businesses that have yet to consider the tougher data regulations locally and overseas in regions like Europe, now is a good time to start with an information audit and to begin developing awareness. Crucially, they need to ask whether they have the infrastructure, data management processes, and IT and cybersecurity technologies in place to protect their business environment. Do they have a robust data protection framework that can detect and mitigate data breaches quickly and effectively? Do they have visibility deep into their infrastructure, and know where their data is, as well as who and what are accessing it?
Cybersecurity is central to compliance with data protection regulations. Organisations must ensure they have the capability to prevent network intrusion and minimise the risk of serious breach by reducing the time taken to detect new threats. They must also have effective and tested post-intrusion responses.
Opportunity to win customer trust and loyalty
With data protection becoming normalised in Australia and in countries across the world, it’s likely that we will see a dramatic increase both in efforts to achieve compliance and in the risks associated with failure to comply. The latest quarterly report on Notifiable Data Breaches notifications from the Office of the Australian Information Commissioner (OAIC) found that the office received 245 notifications, almost exactly the same figure as the quarter before. This consistency means that data breaches are not a fad, bound to go away with time, and also that organisations are still not taking the necessary steps to strengthen their data protection.
For many businesses, customer confidence is already being influenced by their perceived risk of conducting transactions online, or whether their personal data is at risk of being compromised or stolen. Meeting or exceeding regulatory requirements will go a long way towards soothing those concerns.
New data compliance rules also offer an opportunity for businesses to re-evaluate their processes and improve data management and customer loyalty. Updating company data regulations is also an opportunity to achieve competitive differentiation and a way to drive greater customer confidence and trust in their brands. And this goes beyond sending an updated terms and conditions email.
Article by Jon McGettigan, Senior Regional Director A/NZ, Fortinet