ASIC has further focused its attention on the duties of companies and directors with regard to cyber resilience by signing a Memorandum of Understanding (MoU) with the Office of the Australian Information Commissioner (OAIC).
The MoU came into force on 13 June 2024, with ASIC reporting that it will allow for proactive information sharing between the two agencies for the purposes of exercising powers and performing their respective functions.
The Australian Information Commissioner, Angelene Falk, explained that the MoU will help accelerate data and privacy breach responses. ‘Protecting the public interest is best served by ensuring a joined-up approach by regulators that can efficiently and effectively deal with matters that cross regulatory domains,’ Ms Falk said.
ASIC Chair Joe Longo said, ‘Data and privacy breaches are becoming more common in our rapidly growing digital world. We need to have the appropriate mechanisms in place to be able to act fast and effectively when needed.’
Last year, Mr Longo signalled ASIC’s focus on cyber failures to the Australian Financial Review, warning that the corporate regulator will look to commence proceedings against directors and boards who ‘failed to take reasonable steps’ proportionate to the cyber risks that their businesses face.
How can you be prepared?
- Make sure your corporate governance strategy has cyber risk and privacy front of mind
- Conduct annual cyber health checks: do you know what state your cyber security is currently in?
- Ensure you have a Data Breach Plan and keep it up to date
- Keep records of processing activities and make sure your organisation actively reviews its information holdings
Data breaches are all too common, but the more prepared you are, the better the outcome will be for your customers and the company.