AISA Submissions

Public Consultation on Doxxing and Privacy Reforms Submission

Submission - April 2024

AISA is pleased to present its feedback on the Doxxing and Privacy Reforms, addressing the three proposed reforms outlined in the consultation paper. 

This submission is informed by insights gathered during roundtables organised by the Attorney-General's Department, along with discussions with senior executive members of AISA, including the AISA Board of Directors.

Please read AISA's Submission on Doxxing and Privacy Reforms HERE

2023-2030 Australian Cyber Security Strategy Legislative Reforms Response 

Submission - March 2024

This is a response prepared by AISA on the Cyber Security Legislative Reforms, covering the two parts of the consultation paper across the 9 measures. 

This response was prepared using feedback collected from AISA’s member base, community members and senior executive members of the Executive Advisory Board for Cyber (EABC).

Comprehensive feedback has been collected over the past two months through in-person town halls and roundtables organised across most Australian capital cities and through an online survey.

We appreciate the engagement provided by the Department of Home Affairs and the Cyber Security Minister’s office. We commend the team for attending meetings and roundtables with AISA representatives to discuss various aspects of the consultation paper and provide context to the different measures. We welcome these efforts and encourage continued engagement on matters related to the cyber security strategy and its implementation.

Please read AISA's 2023-2030 Australian Cyber Security Strategy Legislative Reforms Response Submission HERE

Supporting Responsible AI Discussion Paper

AISA was pleased to prepare a submission in response to the Supporting Responsible AI Discussion Paper.

We offer our perspective as a member-based industry association and as advocates for enhancing responsible information security standards and initiatives that we hope will in turn, address systemic challenges, improve digital trust and enhance resilience in cyber and information security.

Please read AISA's submission 'Supporting Responsible AI Discussion Paper’ HERE

Australian Cyber Security Strategy Survey Report 2023

Submission

AISA was pleased to submit a response to the 2023-2030 Australian Cyber Security Strategy as the peak professional body for information security and cyber security in Australia.

AISA conducted the following in preparation for this response to Government:

1. Roundtable discussions across the nation with business leaders, executives and CISO/CSO/CIOs
2. Townhall discussions with members in WA, SA, VIC, ACT, NSW and QLD
3. Research across the 10,000+ individual members and corporate partners to survey their views and opinions
4. Consultation with AISA’s Executive Advisory Board for Cyber which is comprised of over 60 CISO, CSO and CIOs

For several years, a debate has been ongoing regarding the existence of a cyber security skills crisis across all industries, as well as within the cyber security sector itself.

Although some organisations have struggled to find individuals with the necessary skills to fill vacancies, the issue facing the sector is more multifaceted than merely implementing professionalisation, accreditations or investing in additional industry-based training programs.

To fully comprehend and address the problem, we must first explore its origins and propose well-rounded recommendations for resolution. By understanding the origins of the cyber security skills crisis and implementing comprehensive recommendations, we can work towards resolving the issue and building a more robust, skilled and secure cyber landscape.

Please read AISA's Submission in response to the 2023-2030 Australian Cyber Security Strategy HERE

Privacy Act Review Report 2022

Submission Paper

AISA was pleased to submit a response to the Privacy Act Review Report 2022 in collaboration with the Australian Cyber Law Institute (ACLI).

ACLI and AISA have reviewed and referenced the submissions and commentary of IIS Partners, Privcore, and Sallinger Privacy. As such, we hope that our views will be considered alongside those of our esteemed colleagues, as collectively we are working to ensure enhancements to Australian privacy law aimed at improving organisational privacy practice, empowering consumers, and protecting their data.

In this submission we have covered matters of particular interest to this stage of the privacy reform agenda, noting that our 2021 Issues Paper submission canvased at length many of the themes mapped into the present Discussion Paper, and the submission to the Privacy Act Review – Discussion Paper (October 2021), submitted October 2022.

The Report is the culmination of two years of extensive consultation and review of the Privacy Act 1988 (Cth) (Review of the Act). The Review examines the Act and its enforcement mechanisms in the context of a world where Australians now spend much of their lives online and their information is collected and widely used in the digital economy.

We commend the Australian Government and Department of Home Affairs for their ongoing efforts on this Review. The resulting Report contains hundreds of references to cyber, cyber security or security and contains several hundred pages of summary, proposals, information related to consultations and terms of reference.

Overall, we support the amendment of the Act and see this as a vital step toward Australia’s digital future.

Please read AISA and ACLI’s joint Submission to the Privacy Act Review Report 2022 HERE

Public Consultation on Draft SOCI Risk Management Program (RMP) Rules

Submission Paper

AISA was pleased to submit a response to the Public Consultation on 'Draft SOCI Risk Management Program (RMP) Rules' from our perspective as the peak professional body for information security and cyber security in Australia.

We offer our perspective as a member-based association and as advocates for enhancing responsible information security standards and initiatives that will in turn address systemic challenges, improve digital trust, and enhance resilience in cyber and information security.

Please read AISA's Submission in response to the Public Consultation on ‘Draft SOCI Risk Management Program (RMP) Rules’ HERE

Public Consultation on ‘Strengthening Operational Risk Management’ Prudential Standard CPS 230 Operational Risk Management

Submission Paper

AISA was pleased to submit a response on the Public Consultation on ‘Strengthening Operational Risk Management - Prudential Standard CPS 230 Operational Risk Management’ from our perspective as the peak professional body for information security and cyber security in Australia.

Please read AISA's submission on 'Strengthening Operational Risk Management’ Prudential Standard CPS 230 Operational Risk Management HERE

Reform of Australia’s electronic surveillance framework

Discussion paper response

ANY changes to law relating to electronic surveillance implemented as a result of work arising out of the changes proposed in the discussion paper must not erode the privacy of Australian citizens, their confidence in the confidentiality of their communications and protection of proprietary information, AISA has told the Australian Government.

"AISA does not agree with the premise proposed in the discussion paper that without access to information and data as defined by note1 in the paper, law enforcement agencies could not prevent and prosecute the most serious criminal activities, such as child sexual abuse, organised crime and cybercrime. This default stance as listed in the discussion paper proposes that those not in support of the legislative changes support organised crime and child abuse, which is both preposterous and offensive to many Australians."

>> Please read the AISA submission here in pdf format

Privacy Act 1988 Review: Discussion Paper response

Submission Paper

IN THIS submission to the review of the Privacy Act 1988, AISA has covered matters of particular interest to AISA at this stage of the privacy reform agenda, noting that our 2021 Issues Paper submission canvased at length many of the themes mapped into the present Discussion Paper.

AISA has reviewed the submissions of the Office of Australian Information Commissioner (OAIC), Salinger Privacy, Data Synergies and IIS Partners (submitted jointly with Ground Up Consulting). It is AISA’s hope that our views will be considered alongside those of our esteemed colleagues, as collectively we are working to ensure enhancements to Australian privacy law improve organisational privacy practice, empower consumers, and protect their data.

>> Read AISA's Privacy Act Review submission in PDF format

Strengthening Australia's cyber security regulations and incentives

AISA submission

THIS response offered by AISA represents the collective views of over 7500 cyber security and information technology professionals, board directors, allied professionals in industries such as the legal, regulatory, financial and prudential sector, as well as cyber and IT enthusiasts Australia.

It is AISA’s hope that the Department of Home Affairs will consider our responses to the call for views and incorporate recommendations included as part of a holistic drive by the Australian Government to help deliver a safer and more secure cyber world for the people of Australia, both now and well into the future.

AISA/AustCyber joint statement

A MAJORITY (54 per cent) of directors, executives and key staff surveyed by AISA responded that they were "extremely concerned" about the risk of cyber security breaches within their organisation. 
And 51 per cent of respondents reported that "to a large extent" they "felt pressure to act" on cyber security risks due to customer sentiment.
AISA and AustCyber have prepared a report based on the surveys. 
They also found: 
•        78.4 per cent of survey respondents supported better education and training for directors
•        64.7 per cent supported general better practice guidance from industry 
•        56.9 per cent wanted sector specific better practice guidance

>> Read the joint statement here in PDF format

Consumer Data Rights Telecommunication Sectoral Assessment Consultation Submission

Australian Information Security Association (AISA) welcomes the request for submissions from the Treasury in relation to its sectoral assessment. The Australian Government announced that the Consumer Data Right (CDR) will extend to telecommunications datasets, pending sectoral assessment and formal consultation. AISA understands that the associated consultation process seeks to understand the scope of what could be considered as ‘telecommunications data’, the nature of that data and who holds the data with particular regard to identifying data that could provide value to consumers if made accessible.

>> Read the submission here in PDF format

DTA Digital Identity Legislation 2021 -

Response to the Federal Government's draft legislation

THE Australian Information Security Association (AISA) is supportive of the process to seek consultation with industry and the broader community on the strategy to improving the DTA Trusted Digital Identity Legislation. AISA is supportive of the fundamental objective of the Trusted Digital Identity Framework (TDIF) to help Australians verify their identity in a safe and secure way when accessing government services online. In addition, providing a mechanism for individuals to voluntarily use their identity to access multiple services, thereby simplifying and minimising the need for disparate multiple identities when accessing government services.

It is important to recognise the introduction of a system that minimises the need for multiple identities can also be construed as the revival of the failed Australia Card and Access Card initiatives which have been wholly rejected by the Australian public. As per the Information Integrity Solutions Pty Ltd (IIS) submission, one of the reasons the TDIF is acceptable is that it does NOT REQUIRE a single identity. The individual can have multiple identities each of which is verified by different verifying parties.

This is absolutely critical for civil liberties, freedom, privacy and to avoid creating a single Digital God who has digital life and death power.

>> Read the submission here in PDF format

AISA also highlights the submission of Information Integrity Solutions. 

>> Read the IIS submission here in PDF format

Exposure Draft for the proposed Online Safety Bill

This Bill seeks to enhance the existing protections contained within the Enhancing Online Safety Act 2015 (Cth).

Regarding the Bill's Abhorrent Violent Material Blocking Scheme, AISA recommends a provision be adopted that requires that a Blocking Notice be actioned "as soon as practicable" and defining an upper time limit in terms of how soon a service provider must action the request by.

>> Read more about AISA's concerns and recommendations, and where it supports the Draft, in our submission

Privacy Act Review

AISA welcomes the request for submissions from the Australian Government’s Attorney Generals Department in Review of the Privacy Act 1988 to ensure privacy settings empower consumers, protect their data and best serve the Australian economy. The review was announced as part of the government's response to the Australian Competition and Consumer Commission's Digital Platforms Inquiry.

>> Please read the submission here in PDF format

2020 Cyber Security Strategy

AS THE peak membership body for Australian information-security professionals, AISA prepared a detailed and comprehensive submission to the Federal Government's 2020 Cyber Security Strategy.

Our submission was drafted with substantial input from members, plus partner organisations, and written by board members and staff.

>> Please read the submission here in PDF format.

NOTE: If referencing the survey's findings, please ensure to give attribution to the Australian Information Security Association.

Security Legislation Amendment (Critical Infrastructure) Bill 2020

AISA welcomes the request for submissions from the Australian Government’s Department of Home Affairs in relation to the exposure draft bill for the proposed amendments to the Security of Critical Infrastructure Act 2018 (Cth).

>> Please read the submission here in PDF format