Quote:
Originally Posted by russellw
I'm sure their head of IT Security will be looking for a new job shortly.
|
That person is a relatively recent recruit from the Bank of England. That may save him. I think it will largely depend on how he handles this incident, rather than being responsible for letting the incident happen in the first place.
Their old CISO left in August, and only updated his LinkedIn profile to say so a few days ago...after the hack!
Quote:
Originally Posted by russellw
As it currently stands in Australia, there are no repercussions against a company from a legislative standpoint, unlike the EU model GDPR regulations which have stiff fines that peak at €10M but are doubled if there is negligence involved.
|
I think the OAIC can issue penalties.
https://www.oaic.gov.au/about-us/our...ivil-penalties
And being a publicly listed company, I think ASIC may be able to apply some form of penalty as well.