By Kim Nguyen, Lawyer at Matthews Folbigg Lawyers

As we steadily enter 2021, Cyber security, IT and data analytics are the latest buzz words across every sector. The focus on cyber security is unsurprising as the COVID-19 pandemic has allowed private organisations to digitally hold and retain more personal data across the digital platform than ever before.

The recent cyber security attacks on the Parliament House and Nine Entertainment (Channel Nine) are a shining example of the dangers associated with the use of third-party vendors (such as cloud storage) by commercial entities.

In September 2020, a survey conducted by the Office of the Australian Information Commissioner (OAIC) revealed that data privacy is a major concern for 70% of the Australian community, and almost 9 in 10 want more choice and control over their personal information.1

In August 2020, the Minister for Home Affairs released ‘Australia’s Cyber Security Strategy 2020’. The strategy delivers an investment of $1.6 billion over the span of 10 years to strengthen cyber resilience across both the public and private sector.2 This is a massive jump from the 2016 Cyber Security Strategy which invested $230 million.

What will cyber resilience look like in 2021?

The key highlights of the plan:

How can I protect my business and unauthorised access to customer data?

1. Use the Australian Governments Cyber Security Assessment Tool to assess how secure your business is.

2. Make it a habit to back up your business’s data and website in the event you lost any information during a cyber attack.

3. Secure your devices and network by upgrading to the latest security software and operating system.

4. Encrypt important and personal customer information, such as: name, signature, address, date of birth, medical records or any other information which could be used to identify your customers.

5. Update your privacy policy and make it publically available on your business website.

Most importantly, if your business has an annual turnover of over $3 million, you must comply with the Privacy Act. For further information on privacy obligations relating to small businesses, please visit the OAIC website.

Cyber security was once seen as an “IT issue”. Now, cyber security is recognised as a core governance issue with regulatory bodies expecting greater accountability from directors and senior management.3 Although small and medium enterprises (SMEs) can expect to receive more assistance with their security awareness and capability, businesses should take steps to develop a skilled cyber workforce to instil greater consumer confidence in information and data handling.

Further information

The information contained in this article is general in nature and does not constitute legal advice. If you require specific advice or assistance on a particular privacy or workplace issue, please contact the Matthews Folbigg’s local government team on 9635 7966.

Liability Limited by a scheme approved under Professional Standards Legislation Commission

1 Office of the Australian Information Commissioner, ‘Australians want more control over privacy, survey shows’ (Media Release,

2 https://www.homeaffairs.gov.au/about-us/our-portfolios/cyber-security/strategy