The Strongroom

Impending data breach notification laws should light a fire under New Zealand businesses

23rd of February 2018

Written by Michael Russell

This month we heard from Privacy Commissioner John Edwards that data breach notification is set to become mandatory in New Zealand. This is welcome news and a positive sign that the issue of data security is being elevated to its rightful place as a top priority for New Zealand businesses, who have long lagged behind the rest of the world in this area.

A higher standard of transparency will lift performance

Mandatory data breach notification means all businesses will be held to a high standard of transparency and will be publicly accountable for the robustness of their information security. News of the law change should give New Zealand businesses the impetus to improve their data security position, bringing us up to speed with our major trading partners. Not only will robust information security strategy and processes become a requirement of doing business, I believe they’ll also very quickly become a mark of quality and a competitive differentiator. 

Information security is a business risk problem - not an IT problem 

Too often, the message I hear from business leaders is that information security is an ‘IT problem’. This is simply not true; information security is a business risk issue that deserves to be front and centre of board level conversations. Intellectual property and customer information are highly valuable commodities - arguably more valuable than physical assets - and the appropriate time and resource ought to be devoted to their protection. When you consider what’s at stake, the prevention, detection and management of security threats is already central to good governance for any business - even without the risk of serious reputational damage caused by the mandatory disclosure of a breach.

The risks and the threats are real

In our current environment, it’s easy for businesses to avoid confronting the reality of cybercrime. With the veil of secrecy lifted, CEO’s will quickly become aware of just how prevalent attacks are. Complacency will be replaced by a sense of urgency, as businesses begin to play catch up.

The threat landscape is constantly evolving, so data security requires constant vigilance and improvement to prevent, detect, and manage threats and breaches. I expect to see an uplift in outsourcing activities as companies begin to understand the time and cost to do it well, and the risks involved in attempting to manage it without a specialist dedicated security operations centre.

With data breach notification legislation just around the corner, it’s become even more urgent than ever for New Zealand businesses to make sure they’re giving themselves the best possible chance against security threats.

Origin Security has the people, processes and technology to keep you safe and secure. Find out more here.

Michael Russell

Chief Executive Officer

Mike brings his wealth of experience from his unique position as the founder of Origin, along with his client and industry relationships and passion for the company, to work every day. His key responsibilities are to ensure that clients have a great experience, that the business is commercially sound and that Origin has the kind of culture that attracts and retains talented people.

Join the Strongroom
Join The Strongroom and get a regular round-up of news and views to keep you up to date with the fast moving world of cyber security.