DSPANZ provided a submission to the Department of Home Affairs on the development of the National Data Security Action Plan on 24 June 2022.
In this submission, we raised the following issues:
-
It can be difficult for organisations to navigate the plethora of different security standards and even more difficult if they have limited
security expertise;
- The Government should reflect existing security standards, policies and controls rather than creating anything new;
-
Organisations may be required to meet different security standards with conflicting controls which can considerably impact how they operate;
-
Where applicable, security standards and guidance should follow a tiered approach to make them more accessible to smaller organisations
while also providing a pathway for how they can uplift their security as they mature;
-
The Government should focus on how they can directly support smaller organisations rather than relying on large organisations to perform
this role as they manage their supply chains;
- The Government has a role to play in creating consistency across different reporting obligations as well as considering how they can share information about security incidents between agencies; and
- The Government should consult with a wide variety of stakeholders and work alongside industry when considering any new concepts or policy for data security.
Access a full copy of this submission here.