How ISO27001:2022 helps organisations meet their privacy obligations
It seems that every few weeks we hear news reports of another major data breach, and the latest statistics from the Office of the Australian Information Commissioner (OAIC) back up this impression. In the six-month period from January to June 2024, the OAIC was notified of 527 data breaches through the Notifiable Data Breaches Scheme. Data breaches pose a significant threat to individuals' personal information and privacy, and governments around the world have been passing increasingly stringent privacy laws to force organisations to protect their customers' personal information, the best known being Europe's GDPR.
Following the passing of the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022, Australian organisations that fail to protect personal information now face significantly increased fines and penalties. For repeated breaches, fines can exceed $50 million.
By implementing ISO27001:2022, organisations can take positive steps to reduce the likelihood of a data breach. The standard includes controls (Annex A 5.34) to protect Personally Identifiable Information (PII) and to identify and meet legal, contractual and legislative privacy requirements. Your ISO27001 information security management system (ISMS) will include measures to identify and protect personal information, mitigate the risks of cyber threats, and meet your compliance obligations under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs).