Harley Geiger, senior director, public policy at Rapid7, shares his insights on a “whole-of-economy” approach to data security as part of the National Data Security Action Plan.
As citizens and businesses continue to accelerate their usage of digital services, it’s commendable to see the Australian federal government is taking action to improve data security and close the gaps in its framework of data protection requirements.
In the wake of increased ransomware and other cyber attacks, the time has come to modernise the practices and requirements that protect sensitive data from being stolen, compromised, or held to ransom.
As part of its first National Data Security Action Plan, the Australian government’s Department of Home Affairs recently released a discussion paper calling for views on the development of a new “whole-of-economy” approach to data security.
In her foreword in the discussion paper, the Minister for Home Affairs Karen Andrews says, “the department wants to ensure that governments, businesses and communities are informed and resourced to protect their data”.
She adds, “the action plan will complement the government’s work to strengthen Australia’s cyber security regulations and incentives by setting clear cyber security expectations; increasing transparency and disclosure; and protecting consumer rights […] and provide Australian individuals and businesses with the trust and assurance required to make Australia a top 10 digital economy by 2030.”
This is a positive development and a big reminder that data is a strategic asset that must be protected if we are to truly benefit from the advancements in technology and grow our digital economies. Consumers and businesses will ultimately benefit from updated and more consistent rules on data protection.
Data security is fundamental to consumer protection, and while privacy and data security are related, they are also distinct. Although privacy is not achieved through security alone, data security is critical to protect against privacy-related risks to collected data that arise from unauthorised system behaviour – such as malicious hacking and accidental data exposure. Privacy without security is like entrusting your valuables to an unlocked vault.
But the challenge we still face in many jurisdictions is that technology has moved so rapidly that many of our data security laws need modernising. The regulatory environment is often complex, and a patchwork of disparate data security laws will provide inconsistent protections and be burdensome to administer.
As such, this action plan deserves recognition for its goal to further strengthen and coordinate Australia’s data security policy settings and create a national approach to protecting valuable data wherever it is stored or accessed.
Governments around the world have made cyber security a top priority, and updating data security laws is a welcome and necessary starting point. Although security of personal information is only one part of the broader issue of cyber security, it is one that directly affects many individuals, and the ripple effect of requirements to secure personal information will help raise the overall bar on the security of other systems and entities.
Rapid7 supports a unified and comprehensive data security standard that is clear and flexible enough for a wide variety of users and businesses to understand and implement. This will, in turn, build trust, support the growth of our digital economies and help protect our valuable data from malicious actors.
Harley Geiger is the senior director, public policy at Rapid7.