Speaking at the CIO 2003 conference in Sydney, Health Insurance Commission (HIC) CIO, Dr Brian Richards, highlighted the continued need for organisations to ensure privacy of information.
"Privacy is how the organisation chooses to responsibly handle personal information," Richards said.
Issues of privacy mainly related to confidentiality, but could also involve integrity and availability of data, he added. Ensuring that adequate levels of system redundancy and disaster-recovery planning were in place was also part of the process.
End-to-end security audits were among the tactics Richards said the HIC employed to tackle security. It also recommended a cradle-to-grave approach to the information lifecycle, and did much work on risk management, based on the AS/NZS 4360 risk management standard.
"We regularly do intrusion testing of our gateway and physical intrusion testing," Richards said.
Other security checks included access control and user accountability, for organisational awareness of who was accessing information, and from where information was being accessed. "All staff and contractors go to privacy training," he said.
In his address, Richards also touched on the importance he believed Public Key Infrastructure (PKI) held for organisations. "In our view this is the best online privacy and security protection mechanism available," he argued.









