Australian Immigration Daily News

Cyber-risk management for Migration Alliance has become an important factor for our organisation, especially during this important growth and development phase. 

Last year, as many of you would be aware, Migration Alliance suffered from a serious and sustained hacking attack and multiple cyber-intrusion attempts.  The pointed and targeted attacks on our website were so bad that the Australian goverment Computer Emergency Response Team (CERT) became involved and assisted Migration Alliance over a period of about a month to counter the most severe intrusion attempts we had ever faced.  The CEO of the Office of the MARA was involved, the Data Security team at DIBP in Canberra were involved and the situation soon escalated to nothing short of an online data security 'code red'.

Whilst MA had online data security infrastructure in place at the time, we did not have an effective data-breach incident management plan.  We also did not have a Privacy Officer in place to manage the events as they occurred, in particular events which led to the theft of data.  As such we have spent time looking deeply into the Privacy Act.  We have also looked into Cyber-Risk and mitigation strategies to prevent this occurring into the future.

The Privacy Act 1988 (Privacy Act) is an Australian law which regulates the handling of personal information about individuals. This includes the collection, use, storage and disclosure of personal information, and access to and correction of that information.

Migration Alliance takes data risk management to protect the privacy of members and clients extremely seriously. We will shortly be appointing a Privacy Officer who's primary function is to review the MA privacy policy, ensure that our online data is properly secure and create a compliant data breach incident management plan.  

Migration Alliance is aware that on the 12 March 2014, amendments to the Privacy Act 1988 enacted in November 2012 came into effect.  The changes include a new set of Australian Privacy Principles (APPs) and revised provisions on Privacy Codes.

AMSRO has consulted closely with the OAIC in the development of the Code.  The Code sets out how the Australian Privacy Principles (APPs) in the Privacy Act are to be applied and complied with by AMSRO members in relation to the collection, retention, use and disclosure of personal information about research subjects.  To make a submission please click this link.

To view the Privacy Regulation from 12 March 2014 please click here.  Please note that the Department of Immigration and Border Protection is listed.

Section 6EA of the Privacy Act allows small businesses and not-for-profits (such as Migration Alliance), who would otherwise not be covered by the Privacy Act, to choose to be treated as an organisation for the purposes of the Privacy Act and therefore subject to the Australian Privacy Principles and any relevant APP code.

As a not-for-profit, Migration Alliance has decided to 'opt-in' to be covered by the Privacy Act and making a public commitment to good privacy practice. This gives Migration Alliance the opportunity to benefit from an increase in consumer confidence and trust that would be derived from operating under the Privacy Act.  If your organisation would like to 'Opt-In' please click here for more information.

Shortly Migration Alliance will provide more information and an udpate for members regarding developments in this space.  Migration Alliance aims to set a benchmark in relation to Data Risk-Management and Privacy in the Australian Migration Advice Profession.

Further reading:     

http://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/bd/bd1213a/13bd020