Menu
Data breach notification laws in NZ: how can partners prepare?

Data breach notification laws in NZ: how can partners prepare?

Cyber health of a nation now coming under question

L-R: Lewis Holden (Cogent); Matthew Lord (Dimension Data); Karl Thomson (StorageCraft); Phil Martin (SAS IT); Hayley Dack (DNA Connect); Mark Ellis (Datacom); Stuart Speers (Enterprise IT); Neil Cresswell (Emerging Technology Partners); James Henderson (Reseller News); Gerhard Nagele (Vodafone); Greg Mikkelsen (SecureCom); Ben Tan (BT Cyber); Christian Derrington (Umbrellar) and Stuart Preston (Splunk)

L-R: Lewis Holden (Cogent); Matthew Lord (Dimension Data); Karl Thomson (StorageCraft); Phil Martin (SAS IT); Hayley Dack (DNA Connect); Mark Ellis (Datacom); Stuart Speers (Enterprise IT); Neil Cresswell (Emerging Technology Partners); James Henderson (Reseller News); Gerhard Nagele (Vodafone); Greg Mikkelsen (SecureCom); Ben Tan (BT Cyber); Christian Derrington (Umbrellar) and Stuart Preston (Splunk)

Credit: Gino Demeer

With the data breach notification laws expected to become reality in New Zealand, the security practices and policies of Kiwi organisations are coming under the spotlight.

Because as the legislation looms large, the cyber health of a nation is coming under question.

Irrespective of legalities however, businesses today remain unprepared to handle the requirements of security, creating a need for external guidance and advice.

But is the channel ready to capitalise?

As reported by Reseller News, New Zealand’s new data breach notification laws carry sharp penalties for organisations that are found not to be properly compliant with them - individuals can expect fines of up to $100,000, and body corporates can expect penalties of as much as $1 million.

These laws follow similarly strict laws adopted in overseas markets, such as the recently-enacted GDPR requirements in the European Union.

However, just as over half the companies throughout Europe are not properly compliant despite the risks, even past the deadline, so too are New Zealand organisations of all sizes scrambling to catch up with the local laws.

Consequently, vendors and channel partners alike now find customers in urgent need of both guidance and technology solutions to mitigate against this potentially business-ending level of risk.

Lewis Holden (Cogent); Karl Thomson (StorageCraft) and Phil Martin (SAS IT)Credit: Gino Demeer
Lewis Holden (Cogent); Karl Thomson (StorageCraft) and Phil Martin (SAS IT)

“This legislation means that a small business in New Zealand can effectively go bust just because they’re breached,” said Lewis Holden, general manager of Cogent. “You’ve got to remember that 95 per cent of the local market is made up of small businesses.

“It’s an incredibly competitive space, with plenty of others that will fill the gap when one of them goes down. They can’t afford those kinds of fines.”

Learning the law

Threatening though the laws may be, they’re also reasonable, according to SecureCom director, Greg Mikkelsen said.

For Mikkelsen, when assessing the high-profile breaches occurring in the market during recent years - think Equifax, Facebook and Cambridge Analytica controversies - it’s understandable to see why New Zealand must also develop a strong framework for handling data security and privacy.

This in turn offers an opportunity for the local business community to realign itself behind data security.

“I think that if these laws came at an earlier point in time people would have seen it as a solution looking for a problem,” Mikkelsen said.

“People are realising what’s at stake far more than before, and that it’s an issue that has to be dealt with. The legislation will just sharpen individuals and organisations up to realise that they do have some personal responsibility in this area.”

Locally speaking, Mikkelsen said the challenge that businesses face centres around a “lack of genuine understanding” at the executive layer about what is involved in becoming – and maintaining – compliant.

Greg Mikkelsen (SecureCom)Credit: Gino Demeer
Greg Mikkelsen (SecureCom)

“Very few senior executives in New Zealand come from an IT background,” Mikkelsen said. “So, when you’re trying to explain risk from an IT perspective, and what’s involved in addressing that risk, it’s challenging to properly articulate it to such leaders.

“On occasions, you can be trying to teach them things that they have no basic comprehension of. As a technology provider, you can’t go back and teach them 20 years of IT knowledge around switches, routers, firewalls, data security, and so on.”

Instead, partners must highlight examples such as Equifax, and the extent of damage that a data breach can have, both to the company and the executive team themselves.

“Equifax had 47 million records breached, and didn’t tell anyone for months afterwards,” Mikkelsen added. “Now the company is facing massive costs, the CEO is gone, half of the board of directors is gone, the CIO and CTO are gone also.”

As a result, it’s important to drive home the executive’s role in managing the technology risk profile of their company because, according to Mikkelsen, that awareness is just not there yet.

“I’m still not seeing any connection between a director’s sense of responsibility, their knowledge and understanding around IT, risk and security, and their interest in engaging with companies like us who are providing services in an IT world,” Mikkelsen added.

Such a disconnect is widely expected to change however, as business leaders begin to realise that they don’t need to have a breach of the scale of Equifax for the organisation to be exposed.

In time, businesses will naturally look to their suppliers to develop and execute solutions to manage the risk profile.

Read more on the next page...


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Datacomstoragecraftsplunkdimension dataCogententerprise ITsecurecomSAS ITUmbrellarEmerging Technology Partners

Featured

Slideshows

Leading female front runners of the Kiwi ICT industry honoured at 2019 WIICTA

Leading female front runners of the Kiwi ICT industry honoured at 2019 WIICTA

Reseller News has honoured the leading female front runners of the New Zealand ICT industry at the 2019 Women in ICT Awards (WIICTA) in Auckland. The awards recognised standout individuals across six categories, spanning Entrepreneur, Rising Star, Shining Star, Community, Technical and Achievement. Photos by Gino Demeer.

Leading female front runners of the Kiwi ICT industry honoured at 2019 WIICTA
Reseller News kicks off awards season in 2019 with Judges' Lunch

Reseller News kicks off awards season in 2019 with Judges' Lunch

The 2019 Reseller News Innovation Awards has kicked off with the Judges Lunch in Auckland with 70 judges in the voting panel. The awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors. Photos by Christine Wong.

Reseller News kicks off awards season in 2019 with Judges' Lunch
Reseller News welcomes industry figures for 2019 Hall of Fame lunch

Reseller News welcomes industry figures for 2019 Hall of Fame lunch

Reseller News welcomed 2018 inductees - Chris Simpson, Kendra Ross and Phill Patton - to the third running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing landscape of the technology industry in New Zealand, while outlining ways to attract a new breed of players to the ecosystem. Photos by Gino Demeer.

Reseller News welcomes industry figures for 2019 Hall of Fame lunch
Show Comments