The Privacy Amendment (Privacy Alerts) Bill 2013 has been passed by the House of Representatives and will now be considered by the Senate.

UPDATE 20 June 2013: The Bill has been referred to the Senate Legal and Constitutional Affairs Legislation Committee which is due to report on 24 June 2013.

UPDATE 24 June 2013: The committee recommends that the Senate pass the Bill.

To comply with your obligations in the Privacy Act to keep customers’ personal information secure and to avoid being put in the situation of notifying your customers of a hacking of your system you should consider the Commonwealth Department of Defence’s Strategies to Mitigate Targeted Cyber Intrusions.

It lists the top 35 measures to counter risk, in order of efficacy and categorised by user resistance and cost. Its top 4 strategies are the place to start.

The Top 4 mitigations are: application whitelisting; patching applications and operating systems and using the latest versions; and minimising administrative privileges.

“While no single strategy can prevent malicious activity, the effectiveness of implementing the Top 4 strategies remains very high. At least 85% of the intrusions that DSD responded to in 2011 involved adversaries using unsophisticated techniques that would have been mitigated by implementing the Top 4 mitigation strategies as a package. …

The combination of all four strategies, correctly implemented, will help protect an organisation from low to moderately sophisticated intrusion attempts. Put simply, they will make it significantly more difficult for an adversary to get malicious code to run on your ICT system, or continue to run undetected. This is because the Top 4 strategies enable multiple lines of defence against cyber intrusions.”