The Office of the Australian Information Commissioner (OAIC) has released an updated information security guide with tips on stopping rogue employees and advice on using cloud storage offerings.
The Guide to securing personal information replaces the older Guide to information security and is designed to help government agencies and private sector companies meet their obligations under the Australian Privacy Principles (APPs).
For example, the guide now includes steps and strategies to minimise the risk of a data breach caused by a trusted employee. There are also tips on designing and building cyber security measures that allow for human error, such as an employee accidentally clicking on a malicious website.
The guide also advises organisations on how to create a privacy- and security-aware culture within the workplace, and on the need for that culture to be driven from board level.
There is also a section on using cloud storage solutions such as Dropbox, and on the APP requirements that apply when the handling of personal information is outsourced to a third-party provider such as a cloud services company.
In addition, the guide sets out what the OAIC calls the information lifecycle.
This includes five steps:
- Consider whether to collect personal information
- Use privacy by design
- Assess the risks
- Take appropriate steps and put into place strategies to protect personal information
- Destroy or de-identify personal information