Cybersecurity regulation and enforcement

The Department of Home Affairs has released a discussion paper, Strengthening Australia’s cyber security regulations and incentives, for consultation.

The paper discusses possible regulatory changes and policy options in three areas:

  • Setting cyber security standards for corporate governance, personal information and smart devices;
  • Increasing transparency through cyber security labelling for smart devices and software vulnerability disclosure policies;
  • Protecting consumer rights through direct right of action for privacy breaches.

In the area of financial services, the paper refers to APRA’s Information Security Standard CPS 234 and to ASIC’s action in the Federal Court against an Australian financial services licence (AFSL) holder, RI Advice. ASIC alleges that RI Advice failed to implement and maintain adequate cyber security and cyber resilience measures, in contravention of its obligations under s912A of the Corporations Act 2001.



Author: David Jacobson
Principal, Bright Corporate Law
The information contained in this article is not legal advice. It is not to be relied upon as a full statement of the law. You should seek professional advice for your specific needs and circumstances before acting or relying on any of the content.

 
