Information Security

Bennett & Philp's Infosec Team draw on their IT industry experience in computer programming, website development and intellectual property knowledge to provide clients with the right intelligence to mitigate any security risks for stored company, personal and client information. 

The new data breach notification laws, legislated by the Australian Parliament in February 2017, will see companies taking a much greater interest in protecting their intangible assets from cyber security incidents to avoid data breaches.

A business’ intangible assets, which include intellectual property, business development documents, tenders, client lists, employees’ sensitive health and payroll information, financial reports and other confidential information, are all of value to competitors, current and former employees, contractors, data traders and other threat actors.

Companies and businesses are continuing to develop cyber resilience to defend against these risks but, as the cyber maturity of companies increases, so does that of the threat actors.

What are information security incidents?

Information security incidents are no longer limited to ransomware or the theft of client lists but now cover a broad spectrum of incidents, including:

  • denial of service attacks;
  • data breach by third party providers;
  • loss of confidential information;
  • brute force attacks;
  • email addresses or websites being blacklisted;
  • malware and Trojan infections;
  • phishing emails;
  • loss of mobile devices;
  • unauthorised access to information by external or internal users;
  • unauthorised modification of information, and
  • website defacement.

Given the breadth of data held by companies, the reputational, developmental and financial impact of a cyber security incident is so significant that it can not only incapacitate a business but also directly affect the business’ employees, partners and customers.

What are the new requirements for Mandatory Breach Notification?

The new Privacy Amendment (Notifiable Data Breaches) Bill 2016 is likely to come into force by the end of 2017. The new regime for mandatory data breach notification in Australia will force big businesses to notify individuals when their personal and client information has been lost, accessed without authorisation or taken. 

Entities that are subject to the Privacy Act should take a much greater interest in protecting their intangible assets from cyber security incidents, to avoid having to make a mandatory breach notification or, alternatively, paying hefty penalties if they fail to comply with the notification requirements. Penalties of $360,000 for individuals and $1,800,000 for bodies corporate may apply.

There is an increased need for companies to be vigilant and to develop a cyber resilience plan that allows them to plan for, prevent, detect and respond to cyber incidents.

What we offer:

The Bennett & Philp Lawyers’ InfoSec Team has been formed to protect and assist clients with cyber security incidents. The team offers discounted compliance, intelligence and response packages tailored to your individual company's requirements, including:

  • Privacy Act compliance advice;
  • Pre-threat intelligence and planning, and
  • Incident response, Privacy Act notification advice and guidance on mitigating the need to make a notification.

Call our InfoSec Team today on +61 7 3001 2999 to ensure your confidential data is well-protected and that your business is fully compliant with the new data protection regulations.