
Understanding Reasonable Steps in Data Protection: Insights from ASIC and OAIC

  • Writer: David Roberts
  • Dec 1, 2025

Updated: Feb 2


Key Insights from Recent Cases


Insights from a number of recent cases have shed light on what ASIC and OAIC define as reasonable steps in protecting personal information. The attached Whitepaper expands on a panel discussion at Cyber Con 2025. This discussion explored the learnings from these cases and provided tips to turn those learnings into practical action for both boards and executives.


What Are Reasonable Steps?


The insights include several key points:


  • Reasonable steps are commensurate with the data held and the size of the organisation.

  • Recognised data protection frameworks are expected to be used.

  • Controls should be in place and confirmed to be working effectively.

  • Continual executive oversight and process improvement are expected.


These points highlight the importance of tailoring your data protection strategies to fit your organisation's specific needs.


Implementing Effective Data Governance


Effective data governance is crucial for ensuring compliance and protecting sensitive information. Here are some strategies to consider:


Assess Your Current Data Landscape


Start by evaluating the data you currently hold. Understand its sensitivity and the potential risks associated with it. This assessment will help you determine the necessary steps to protect it.


Adopt Recognised Frameworks


Utilising recognised data protection frameworks can guide your organisation in implementing effective controls. These frameworks provide best practices and standards that can enhance your data governance efforts.


Establish Strong Controls


Implement robust controls to safeguard your data. Regularly test these controls to ensure they are functioning as intended. This proactive approach can help identify vulnerabilities before they become significant issues.


Foster Executive Oversight


Continual executive oversight is essential for maintaining data governance. Encourage leaders to engage with data protection initiatives actively. Their involvement can drive a culture of accountability and ensure that data governance remains a priority.


The Importance of Continuous Improvement


Data governance is not a one-time effort. It requires ongoing attention and improvement. Regularly review your processes and controls to adapt to changing regulations and emerging threats. This commitment to continuous improvement will strengthen your organisation's data protection posture.


Conclusion


In conclusion, understanding and implementing reasonable steps in data protection is vital for organisations today. By following the insights shared in the Whitepaper and focusing on effective data governance, you can navigate complex regulations and secure sensitive information.


To read more, see the full Whitepaper here.


By mastering data and AI governance, you can build trust and operational efficiency within your organisation.

 
 
 
