Survey Answer:

There are no common standards in Australia that specifically relate to IT security.
However, a failure by a company director to implement appropriate IT security measures may constitute a breach of the director’s common law duty to act with reasonable care, skill and diligence (although we are not aware of any cases in Australia where this duty has been applied specifically in relation to IT security).
Continuous disclosure obligations for companies under the Corporations Act 2001 (Cth), or under the ASX listing rules for corporations listed on the Australian Stock Exchange, may also require corporations to disclose where they have been the subject of a data breach involving unauthorized access to, unauthorized disclosure of, or loss of, personal information.

Provided By:
Phil Catania: Corrs Chambers Westgarth