OAIC updates information security guide

The Office of the Australian Information Commissioner (OAIC) has released an updated information security guide with tips on stopping rogue employees and advice on using cloud storage offerings.

The Guide to securing personal information replaces the older Guide to information security and is designed to help government agencies and private sector companies meet their obligations under the Australian Privacy Principles (APPs).

The guide now includes, for example, steps and strategies to minimise the risk of a data breach by a trusted employee. There are also tips on designing and building cyber security measures that factor in human error, such as accidentally clicking on a bad website.

The guide also advises organisations on how to create a privacy- and security-aware culture within the workplace, and on the need for that privacy culture to be driven from board level.

There is also a section on using cloud storage solutions such as Dropbox, and on the APP requirements that apply when the handling of information is outsourced to a third-party provider such as a cloud services company.

In addition, the guide sets out what the OAIC calls the information lifecycle.
This includes five steps:

  • Consider whether to collect personal information
  • Use privacy by design
  • Assess the risks
  • Take appropriate steps and put into place strategies to protect personal information
  • Destroy or de-identify personal information

    Copyright © 2015 IDG Communications, Inc.
