Australia Considers Legislation to Make Boards Liable for Cyber Risk


Legislation currently before Parliament includes security obligations for entities responsible for critical infrastructure, a list that will be significantly expanded.

Australia is reportedly contemplating making boards and managers of ASX-listed corporations legally bound to protect their organisations, shareholders, and customers from cyber risks, according to The Australian Financial Review.

Australia’s Cyber Security Strategy 2020, released by the Home Affairs Ministry last year, stated that the government will consult with businesses to consider reform options, including “the role of privacy, consumer, and data protection laws; duties for company directors and other business entities; and obligations on manufacturers of internet-connected devices.”

The AFR reports that the Treasury, tasked with leading the consultation, will implement rules similar to those under the Australian Prudential Regulation Authority's (APRA) proposed prudential standard for information security (CPS 234), which came into force in July 2019.

CPS 234 makes boards, senior management, governing bodies, and individuals directly responsible for implementing controls to protect information…
