As per the Mar/Apr Insider Magazine article “Making Sure It’s A Private Matter”

Six steps to preparing for breach notification

With the Australian data breach notification rules taking effect from 22 February 2018, organisations need to immediately assess their cyber exposure, risk mitigation opportunities, processes and procedures to ensure they can respond to the tight notification schedules and, as much as possible, contain the impact of a cyber incident.

1. Get across the detail of the legislation and implications for your organisation.
2. Understand what data you have, where and how it is stored – review and test your existing systems for managing and storing data and ensure they are compliant/robust.
3. Ensure you have a plan on how to address the legislation. This plan should be integrated with your cyber risk plan, cyber incident response plan and overall crisis management and business continuity plan.
4. Consider implementing the Australian Signals Directorate’s Essential Eight guidelines for cyber-attack mitigation and incident management.
5. Communicate the plan with key leaders across the organisation and get their buy in and educate employees.
6. Do any work required to prepare for legislation and review your current insurance arrangements with your broker to ensure you have adequate insurance and a response team at the ready.

Aon can help you understand the implications of this legislation, and what it means for your organisation. This may include reviewing your organisation’s cyber risk profile and considering your cyber insurance and incident response plan. If you would like to discuss further please contact Darren Clauscen on +61 2 9253 8350 or