This article on Australia’s pending Privacy Act Reform includes comment from Scott Hesford who suggests that Australia may not need to write an entirely fresh collection of legally binding cybersecurity requirements for holding Personally Identifiable Information but we do need to ensure that we’re holding that data under the appropriate settings in accordance with recognised strategies such as the ASD Essential Eight. This includes mandating organisations to manage restrict administrator privileges, limit access to sensitive data and also to put in place controls for how long any person within an organisation can have access to privileged accounts.

Read the full story here:

Prefers reduced motion setting detected. Animations will now be reduced as a result.