The new Privacy Act comes into effect today (1st of December 2020) so it’s a great time to make sure you understand your new obligations. Being on top of these changes allows you to remain compliant and do the right thing by the people you hold data on. So we’d like to remind you about some tools and resources we’ve found useful.
As a starter for 10, be sure to go through the Office of Privacy Commissioner (OPC) free eLearning modules. We recommend the Privacy Act 2020 and Privacy Breach Reporting modules. You may also want to cast your eyes over the 13 pages comparison between the 1993 and 2020 Privacy Acts. Given that notifications have a special emphasis in the 2020 Act, we recommend that you bookmark NotifyUs, the OPC privacy breach reporting tool. NotifyUs helps you determine whether a breach is notifiable, in addition to reporting breaches and updating a previously notified breach.
Axenic has a very special ‘breaking news’ update! We are very pleased to announce that Axenic is now a PCI QSA registered company! This is a hugely important milestone for Axenic and an important part of our next stage of business development.
Sometimes I think my cybersecurity colleagues believe they are living in a spy novel. I mean, we are all guilty of trying to make our day jobs sound more interesting or trying to make them sound more ‘sexy’, but this industry in particular takes the cake. Even the name “cybersecurity” is like “oooh, I work in a William Gibson novel!” Though we can’t fault someone trying to make their job sound better than “security guard at an online shopping mall”. Read More
Now that the media hysteria has abated on the topic of DDoS, it seems timely for us to provide some commentary on this long standing topic from the perspective of security professionals.
The recent Distributed Denial of Service (DDoS) attacks on NZX, Stuff, RNZ, and many more have had the media bombarding us with updates and semi-new information aimed to keep us, the general public informed. Reading some articles on RNZ, Stuff, and NZHerald provide similar information on the attack.
There is no denying that the threat of sophisticated cyber-attacks are real, and while raising awareness about what is currently happening is a good thing, doing so without care may not be helpful. Read More
There is a debate at work about what to call what we do. Actually, it’s not really a debate, more sort of a code of silence, or an agreement not to mention the subject in polite company lest it offends. When the subject comes up there is a sort of shuffling of feet, nervous laughter, “ahem”s and a subject quickly changed. But in Axenic’s spirit of transparency let’s get this out in the open: is what we do information security or cybersecurity? Certain people (I’m not naming names but they have numbered among our more beardy team members) have had such strong views that even using the word “cyber” at work is like a red rag to a bull. Actually, while I’m being honest, I have to admit that even though I am amongst the least hirsute of our team, I had strong leanings that way. Read More