Menu
Data breach notification laws in NZ: how can partners prepare?

Data breach notification laws in NZ: how can partners prepare?

Cyber health of a nation now coming under question

L-R: Lewis Holden (Cogent); Matthew Lord (Dimension Data); Karl Thomson (StorageCraft); Phil Martin (SAS IT); Hayley Dack (DNA Connect); Mark Ellis (Datacom); Stuart Speers (Enterprise IT); Neil Cresswell (Emerging Technology Partners); James Henderson (Reseller News); Gerhard Nagele (Vodafone); Greg Mikkelsen (SecureCom); Ben Tan (BT Cyber); Christian Derrington (Umbrellar) and Stuart Preston (Splunk)

L-R: Lewis Holden (Cogent); Matthew Lord (Dimension Data); Karl Thomson (StorageCraft); Phil Martin (SAS IT); Hayley Dack (DNA Connect); Mark Ellis (Datacom); Stuart Speers (Enterprise IT); Neil Cresswell (Emerging Technology Partners); James Henderson (Reseller News); Gerhard Nagele (Vodafone); Greg Mikkelsen (SecureCom); Ben Tan (BT Cyber); Christian Derrington (Umbrellar) and Stuart Preston (Splunk)

Credit: Gino Demeer

With the data breach notification laws expected to become reality in New Zealand, the security practices and policies of Kiwi organisations are coming under the spotlight.

Because as the legislation looms large, the cyber health of a nation is coming under question.

Irrespective of legalities however, businesses today remain unprepared to handle the requirements of security, creating a need for external guidance and advice.

But is the channel ready to capitalise?

As reported by Reseller News, New Zealand’s new data breach notification laws carry sharp penalties for organisations that are found not to be properly compliant with them - individuals can expect fines of up to $100,000, and body corporates can expect penalties of as much as $1 million.

These laws follow similarly strict laws adopted in overseas markets, such as the recently-enacted GDPR requirements in the European Union.

However, just as over half the companies throughout Europe are not properly compliant despite the risks, even past the deadline, so too are New Zealand organisations of all sizes scrambling to catch up with the local laws.

Consequently, vendors and channel partners alike now find customers in urgent need of both guidance and technology solutions to mitigate against this potentially business-ending level of risk.

Lewis Holden (Cogent); Karl Thomson (StorageCraft) and Phil Martin (SAS IT)Credit: Gino Demeer
Lewis Holden (Cogent); Karl Thomson (StorageCraft) and Phil Martin (SAS IT)

“This legislation means that a small business in New Zealand can effectively go bust just because they’re breached,” said Lewis Holden, general manager of Cogent. “You’ve got to remember that 95 per cent of the local market is made up of small businesses.

“It’s an incredibly competitive space, with plenty of others that will fill the gap when one of them goes down. They can’t afford those kinds of fines.”

Learning the law

Threatening though the laws may be, they’re also reasonable, according to SecureCom director, Greg Mikkelsen said.

For Mikkelsen, when assessing the high-profile breaches occurring in the market during recent years - think Equifax, Facebook and Cambridge Analytica controversies - it’s understandable to see why New Zealand must also develop a strong framework for handling data security and privacy.

This in turn offers an opportunity for the local business community to realign itself behind data security.

“I think that if these laws came at an earlier point in time people would have seen it as a solution looking for a problem,” Mikkelsen said.

“People are realising what’s at stake far more than before, and that it’s an issue that has to be dealt with. The legislation will just sharpen individuals and organisations up to realise that they do have some personal responsibility in this area.”

Locally speaking, Mikkelsen said the challenge that businesses face centres around a “lack of genuine understanding” at the executive layer about what is involved in becoming – and maintaining – compliant.

Greg Mikkelsen (SecureCom)Credit: Gino Demeer
Greg Mikkelsen (SecureCom)

“Very few senior executives in New Zealand come from an IT background,” Mikkelsen said. “So, when you’re trying to explain risk from an IT perspective, and what’s involved in addressing that risk, it’s challenging to properly articulate it to such leaders.

“On occasions, you can be trying to teach them things that they have no basic comprehension of. As a technology provider, you can’t go back and teach them 20 years of IT knowledge around switches, routers, firewalls, data security, and so on.”

Instead, partners must highlight examples such as Equifax, and the extent of damage that a data breach can have, both to the company and the executive team themselves.

“Equifax had 47 million records breached, and didn’t tell anyone for months afterwards,” Mikkelsen added. “Now the company is facing massive costs, the CEO is gone, half of the board of directors is gone, the CIO and CTO are gone also.”

As a result, it’s important to drive home the executive’s role in managing the technology risk profile of their company because, according to Mikkelsen, that awareness is just not there yet.

“I’m still not seeing any connection between a director’s sense of responsibility, their knowledge and understanding around IT, risk and security, and their interest in engaging with companies like us who are providing services in an IT world,” Mikkelsen added.

Such a disconnect is widely expected to change however, as business leaders begin to realise that they don’t need to have a breach of the scale of Equifax for the organisation to be exposed.

In time, businesses will naturally look to their suppliers to develop and execute solutions to manage the risk profile.

Read more on the next page...


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Datacomstoragecraftsplunkdimension dataCogententerprise ITsecurecomSAS ITUmbrellarEmerging Technology Partners

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments