Security Incident Response Workshop

Course Description

In today’s complex world, an appropriate and usable incident response plan for dealing with inevitable incidents and unforeseeable events, and an agile incident response capability, are essential. How you prepare for and respond can minimise the impact of a damaging security incident. One of the most important ways to prepare is to ensure you have an effective information security incident response strategy. Being prepared will be even more important once mandatory data breach notification obligations are introduced into the Privacy Act.

This 1-day hands-on workshop will help you improve your organisation’s security posture by learning:

  • What your mandatory data breach notification requirements involve;
  • What goes into an effective information security incident response plan for your organisation;
  • Systems for classifying events and identifying incidents;
  • The importance of clear, timely and consistent internal and external communications;
  • Why it is important for first-responders to have the authority to act and make decisions;
  • The benefits of testing your plan. 

The workshop will incorporate role-playing as a tool to simulate the tension of a real-time crisis situation.   Hands-on exercises will provide the opportunity to gain experience with the type of decisions an organisation might face in an information security emergency.

Cloud Computing Contracts: Privacy Act Compliance

Course Description

This course gives non-lawyers an overview of the privacy issues typically raised by Cloud Computing Contracts for Australian organisations. 

The Australian Privacy Act has some unique provisions and this course is designed to ensure an understanding of the Australian Privacy Principles and their application to cloud contracts. Using the presenter’s own extensive experiences in negotiating cloud contracts and knowledge of privacy law it will cover issues such as:

  • what is 'personal information',
  • the collection of personal information, 
  • how personal information can be 'used' and 'disclosed',
  • trans-border data flows,
  • access and correction rights,
  • data breach notification.

The differences between Federal and State privacy regimes will be explained.  The course will also cover how privacy might be managed within the context of cloud contracts and in keeping with the transparency principles contained in APP 1.  Finally, reference will be made to some relevant standards including ISO/IEC 27018 and ISO/IEC 27017.

Data Breach Notification in Australia

Course Description

This 2 hour on-line session provides an overview of the Australian data breach notification obligations, which were introduced by the Privacy Amendment (Notifiable Data Breaches) Bill and became effective in February 2018. The new data breach laws will be reviewed in detail, as will other obligations, applicable to Australian organisations, to notify of unauthorised access to or disclosure of information. The session includes practical suggestions on establishing the capability to comply with the mandatory data breach notification requirements which are now part of Australia’s privacy laws.

Australian Privacy Act: Overview

Course Description

Want to know about privacy in Australia? This 2 hour on-line course provides a brief introduction to the main piece of privacy legislation in Australia, the Australian Privacy Act 1988, with a particular focus on aspects relevant to IT and information security professionals.  It will outline the structure of the Act, go through all of the Australian Privacy Principles and cover the powers available to the Australian Privacy Commissioner.
The course content is completely up-to-date, including coverage of the data breach notification amendments plus all the latest guidance, determinations and investigation reports issued by the Australian Privacy Commissioner. It is designed for those who are interested in developing an awareness rather than detailed knowledge about their privacy obligations.

Privacy Management Framework

Course Description

This 2 hour live on-line session focuses on the OAIC’s Privacy Management Framework and what it means for entities subject to the Privacy Act 1988 (Cth) (as updated in March 2014). In March 2015 the Office of the Australian Information Commissioner (OAIC) released guidance on a Privacy Management Framework which provides steps the OAIC expects regulated entities to take to meet their obligations under Australian Privacy Principle (APP) 1. The Privacy Management Framework guide is aimed at enabling compliance and encouraging good practice.

Privacy & Confidentiality Law For Information Security Professionals

Course Description

This course covers the law of privacy and confidentiality in Australia, with a particular focus on aspects relevant to information security professionals. It is also designed so that organisations understand the Privacy Act amendments effective 12th March 2014 and what those changes might mean for them.

It will focus on the Privacy Act 1988 (Cth) – the Commonwealth legislation that requires the protection of personal information in Australia – and will cover the following:

  • Application and exemptions
  • Definitions and key concepts e.g. “Personal Information”, “De-identification”, “Use” and “Disclosure”
  • The new Australian Privacy Principles (APPs) and changes from the old IPPs and NPPs
  • The Privacy Commissioner’s powers, including the power to seek penalties and enforceable undertakings
  • The Privacy Commissioner’s Guide to Reasonable Security
  • Consequences of breaching the Act

There will be a separate detailed consideration of Privacy Act issues raised by Cloud Computing contracts, including issues of consent and the cross border disclosure of data.

Relevant State privacy laws will also be covered.

Although focusing on Australian privacy law and the protection of confidential information, there will also be some coverage of the privacy and data protection regimes in the United States, Europe and Asia.

Privacy Impact Assessment Workshop

Course Description

This 1/2 day hands-on workshop helps participants understand how to prepare for and carry out a privacy impact assessment (PIA) in their own organisations. 

A privacy impact assessment represents an innovative approach to managing the risks associated with privacy practices at an early stage of developing new products or services or making significant changes to business operations.  This course covers both the theory behind PIAs as well as offering participants practical experience in completing a PIA through the hands-on exercise.

The importance of PIA is recognised in Australia’s Privacy Act which gives the Australian Privacy Commissioner the power to direct government agencies to undertake a PIA. The Commissioner recommends that all organisations consider undertaking a PIA as part of their obligations to secure personal information and ensure compliance with their Privacy Act obligations. PIAs are also an important part of the Privacy Commissioner’s recommended Privacy Management Framework.

This workshop commences with an overview of relevant provisions of the Privacy Act 1988 (Cth).  It then provides a general outline of the PIA process, before focusing on the following key stages of a PIA in detail:

  • Project description: describe the project.
  • Data Flow Mapping: describe and map the flows of personal information (internally and external to the organisation) and document relevant legislative and organisational rules.
  • Privacy impact analysis: analyse impacts on privacy.
  • Privacy management: consider alternative options that may improve privacy outcomes.
  • Recommendations & Report: produce a final report that considers the next steps for eradicating or mitigating the privacy risks.

The class will finish with a workshop based on a real life scenario, giving all attendees an opportunity to apply the theory in a practical environment.

