October 19, 2020

Volume X, Number 293

October 19, 2020

Subscribe to Latest Legal News and Analysis

Cybersecurity is only one part of security – a filing cabinet could be your highest risk

No matter how much you spend on cybersecurity technology, data breaches can occur in the most basic ways, for example by leaving an old filing cabinet lying around. This demonstrates the need for a holistic approach to information security.

Recently, highly confidential government papers were discovered inside two locked filing cabinets that were purchased at a second-hand furniture shop in Canberra. What likely happened was a public servant overseeing an office clean up unwittingly sold the filing cabinets containing state secrets to the furniture shop.

In 2016, the Australian Government announced that it would spend $230 million to “enhance Australia’s cybersecurity capability and deliver new initiatives”. This is one of the Government’s most serious data breaches in history, and it had nothing to do with hackers.

Clearly, effective overall data protection requires more than IT system security. What about having clear data protection policies which are reinforced by training? What about physical security, such as how secure are your premises, and how hard copy document are stored and disposed of? Can employees take documents home? Is someone reading over their shoulder while they read them on the way home?

From 22 February 2018, it will be mandatory to report data breaches. Businesses should think about what is really the best way to minimise data breaches.

As we have previously blogged, a huge proportion of businesses experience data breaches, and a large portion of those breaches are caused by vendors or contractors. It is clearly vital to have the right contracts in place with suppliers from IT contractors to cleaners so you can legally protect yourself.

When considering data security, the last thing you want is to spend big on cybersecurity only to have a missing filing cabinet filled with confidential information and no one to blame.

Harry Crawford contributed to this post.

Copyright 2020 K & L GatesNational Law Review, Volume VIII, Number 40


About this Author

Cameron Abbott, Technology, Attorney, Australia, corporate, KL Gates Law Firm

Mr. Abbott is a corporate lawyer who focuses on technology, telecommunications and broadcasting transactions. He assists corporations and vendors in managing their technology requirements and contracts, particularly large outsourcing and technology procurements issues including licensing terms for SAP and Oracle and major system integration transactions.

Mr. Abbott partners with his clients to ensure market leading solutions are implemented in to their businesses. He concentrates on managing and negotiating complex technology solutions, which...