Reasonable steps in protecting personal information is becoming clearer...

Insights from a number of recent cases has shed light on what ASIC and OAIC define as reasonable steps in protecting personal information. The attached Whitepaper expands on a panel discussion at Cyber Con 2025 which explored the learnings from these cases and tips to turn those learnings into practical action for both boards and executives.

The insights include:

• reasonable steps are commensurate with the data held and the size of the organisation

• recognised data protection frameworks are expected to be used

• controls should be in place and confirmed to be working effectively

• continual executive oversight and process improvement are expected.

To read more see the full Whitepaper here: