Privacy legislation is set for a shake-up with the Privacy Amendment Act 2012 coming into effect on 12 March 2014, which will have a significant impact on how businesses manage their customers’ data. To avoid stiff penalties for non-compliance, you should start preparing for these changes now.
The changes are quite extensive (a summary can be found in the links provided below), but one of the key ones you should be aware of is the severe penalties that will apply should a security breach result in customers’ data being compromised.
Even if you think your customers’ private data is secure, it may be worth checking to make sure that there aren’t any gaps in your systems and processes and that data is protected from unauthorised access to the maximum degree possible.
Getting outside help to review your data protection strategy and identify any weaknesses may be a good idea. We recommend that all businesses undertake Privacy Readiness Assessments as quickly as possible so they can roll out, if necessary, next-generation IT security solutions that will be a key part of their data privacy strategy in the future.
While you’re there, get your PCI Compliance under control
All merchants and their service providers that store or transmit payment card details are required to meet the process and systems standards set out by the Payment Card Industry. Despite being something businesses should be compliant with by default, as it involves the secure management of one of the most critical pieces of information a customer can offer them (their credit card), PCI Compliance has a reputation for being an expensive hassle, which it really needn’t be.
You can minimise the disruption and expense to your business by engaging a PCI Compliance assessor or speaking to your financial institution. In terms of technology, you should be looking to deploy a network Intrusion Detection and Prevention system that protects IT systems, reduces risk and provides your business with the associated reporting that aids in demonstrating compliance with the PCI Code.
From there, it’s simply a matter of scheduling the standard range of activities required to maintain compliance, including quarterly system vulnerability scans and annual system penetration testing.