The Blog

Privacy Reloaded

The new Privacy Act comes into effect today  (1st of December 2020) so it’s a great time to make sure you understand your new obligations. Being on top of these changes allows you to remain compliant and do the right thing by the people you hold data on. So we’d like to remind you about some tools and resources we’ve found useful.

As a starter for 10, be sure to go through the  Office of Privacy Commissioner (OPC) free eLearning modules. We recommend the Privacy Act 2020 and Privacy Breach Reporting modules. You may also want to cast your eyes over the 13 pages comparison between the 1993 and 2020 Privacy Acts. Given that notifications have a special emphasis in the 2020 Act, we recommend that you bookmark NotifyUs, the OPC privacy breach reporting tool. NotifyUs helps you determine whether a breach is notifiable, in addition to reporting breaches and updating a previously notified breach.

As the 2020 Act has a new principle (IPP 12), which holds businesses and agencies responsible for ensuring that personal information is protected when sent overseas, you may want to ensure that you keep the relevant guidance, model contract clauses and example agreements handy. If you need a deep dive into the OPC Compliance and Regulatory Action Framework, consider reviewing their approach here. As a wrapper, the Transitioning from Privacy Act 1993 to Privacy Act 2020 blog post is an excellent read.

In addition to all of the previous, and since nothing beats organisation-wide awareness, the OPC has developed the Privacy breach brochure and three “Privacy is precious” posters specifically for the 2020 Act. Finally, remember that you can always use our free Privacy Threshold Assessment tool or contact us if you need help conducting a Privacy Impact Assessment.

Lame names for Cybercriminals

Sometimes I think my cybersecurity colleagues believe they are living in a spy novel. I mean, we are all guilty of trying to make our day jobs sound more interesting or trying to make them sound more ‘sexy’, but this industry in particular takes the cake. Even the name “cybersecurity” is like “oooh, I work in a William Gibson novel!” Though we can’t fault someone trying to make their job sound better than “security guard at an online shopping mall”. Read More

Are the latest cyber attacks just fuelling the new buzz on security?

Stop, drop, and roll, is everything on fire?

Now that the media hysteria has abated on the topic of DDoS, it seems timely for us to provide some commentary on this long standing topic from the perspective of security professionals.

The recent Distributed Denial of Service (DDoS) attacks on NZX, Stuff, RNZ, and many more have had the media bombarding us with updates and semi-new information aimed to keep us, the general public informed. Reading some articles on RNZ, Stuff, and NZHerald provide similar information on the attack.

There is no denying that the threat of sophisticated cyber-attacks are real, and while raising awareness about what is currently happening is a good thing, doing so without care may not be helpful. Read More

The security that dare not speak its name

There is a debate at work about what to call what we do. Actually, it’s not really a debate, more sort of a code of silence, or an agreement not to mention the subject in polite company lest it offends. When the subject comes up there is a sort of shuffling of feet, nervous laughter, “ahem”s and a subject quickly changed. But in Axenic’s spirit of transparency let’s get this out in the open: is what we do information security or cybersecurity? Certain people (I’m not naming names but they have numbered among our more beardy team members) have had such strong views that even using the word “cyber” at work is like a red rag to a bull. Actually, while I’m being honest, I have to admit that even though I am amongst the least hirsute of our team, I had strong leanings that way. Read More