CIO Cyber and Risk Network

Conclusion: A requirement of the European Union’s (EU) General Data Protection Regulation (GDPR) is the concept of “data portability”, which provides a right to receive personal data an individual has provided in a “structured, commonly used, machine-readable format”, and to transmit that data to another organisation.

Underlying data portability is an assumption that data standards exist and are widely used across all public and private sector organisations, especially in specific vertical industries, such as Financial Services, Health or Utilities. In many cases in Australia, no such standards exist and there is no framework to encourage industry cooperation.

Australian organisations needing to comply with GDPR will have to develop an approach and strategy for how they will provide data portability when requested to do so.

Conclusion: The forthcoming General Data Protection Regulation (GDPR) legislation is being introduced by the European Union (EU), and it has ramifications for organisations worldwide.

Key aspects of GDPR relate specifically to exactly what data an organisation may legally keep and for how long. The underlying principle is that less is best in terms of data collected and kept. For data to have been legally collected, an individual has to have explicitly given their consent to the organisation to collect, keep and process their personal data.

Conclusion: In a world where organisations increasingly rely on the successful performance of their business systems, it is important that IT management takes the lead in managing the risk of systems failure and cyber security breaches from all sources.

Boards are ultimately responsible for monitoring risks. They direct IT (and business) management to create a framework and strategy to manage systems, including data, and cyber security risks. The framework must include policies, supported by processes and practices to ensure business systems operate successfully and the data stored is not compromised.

Conclusion: The General Data Protection Regulation (GDPR) legislation being introduced by the European Union (EU) in May has ramifications for organisations worldwide.

Australian organisations that have already invested in ensuring that they comply with the Australian Privacy Act 1988, and have a robust privacy management framework in place, may find that they already comply with aspects of the EU’s GDPR. However, GDPR does have more stringent requirements, including some that have no counterpart in the Australian requirements, so effort and investment will be required by organisations that need to comply with GDPR.

When considering an organisation’s position and defensibility in terms of whether they complied or not, organisations will need to develop an understanding of the specific requirements, and how exactly they have implemented “technical and organisational measures to show that they have considered and integrated data protection into their processing activities”1.

Conclusion: The forthcoming General Data Protection Regulation (GDPR) is new legislation being introduced by the European Union, which does have ramifications for organisations worldwide.

Being new, there is still a lot to be learned about what exactly some of the specific requirements will mean in practice and how they will impact organisations in being able to show that they have understood and completely complied with the regulation.

When considering an organisation’s position and defensibility in terms of whether they complied or not, organisations will need to develop an understanding of the specific requirements, and how exactly they have implemented “technical and organisational measures to show that they have considered and integrated data protection into their processing activities”1.

Conclusion: Australian organisations and agencies need to embrace the European Union’s new General Data Protection Regulation (GDPR) legal framework for protecting and managing Private Individuals Information (PII). Organisations that do not take action to comply face considerable risk, both financially and to their brands.

There are also potential upsides in embracing the requirements and being able to demonstrate compliance with the accountability principles, and implementing both technical and organisational measures that ensure all processing activities comply with the GDPR.

Whilst Australian companies may already have practices in place that comply with the Australian Privacy Act 1988, GDPR has a number of additional requirements, including the potential appointment of “data protection officers”. Action should already be taking place, and organisations should not underestimate the time and effort it may take to reach and maintain compliance.

Conclusion: The introduction of Software Defined Networking (SDN) offerings touted a number of benefits around simpler and more agile network management and provisioning, and lower capital and operational costs.

Conclusion: Organisations are increasingly leveraging the services, skills and capabilities of third-party organisations to deliver high-quality IT services to their organisations. At the same time, there is industry recognition that contract management skills within organisations are often under par. Well-managed relationships can result in significant returns for the organisation in terms of ROI and reduced management costs. Well-planned arrangements with performance measurements represent sound management practices. Going beyond the basics to mature relationships and trust dividends is even better.

Conclusion: There has been considerable research and media coverage on the role of the CIO and its relevance in the new digital era. Cloud services are making big inroads and traditional responsibilities are changing. This could signal the end of the role of CIO in organisations or, at the very least, dramatically change the scope of responsibility and divide the function. Over the next 3-5 years many CIO roles will be restructured into two roles, and this is already occurring internationally and Australia-wide. Organisations are making this change because they need to position for change and growth, and they do not feel that the CIO can lead that change. In many instances the CIO either leaves the organisation or is allocated to run internal operations, and a new digital chief is appointed for the more externally facing growth positions. Savvy CIOs will position themselves to lead this alignment activity, divest responsibility for low-growth, low-value activities and remain relevant into the future.

Conclusion: The concept of innovation has been gaining wider acceptance in the past few years, particularly in line with the explosion of the Internet and social media. However, many organisations are still following the model that new ideas will be generated by the clever people within the organisation or will come from those external partners that are already known to the organisation. This outdated model does not give organisations the opportunity to identify great ideas that could provide significant benefit. There is growing adoption of a broader-based innovation method known as ‘Open Innovation’ that offers considerable benefit to organisations that embrace it.

Conclusion: Wartime is fast approaching. Some would argue it is already happening around us, and CIOs will be in the firing line. Radically different business models, historically poor relationships with business areas and the confluence of transformational technologies mean that many CIOs will not be able to just incrementally improve operations to stay relevant but lead significant change or face being a casualty of war.

Conclusion: In 2003 any failure of e-commerce systems through problems with supporting technology is seen as a failure of the whole organisation. Many business leaders have recognised that they need better models for governing IT investments and ensuring effective IT operations. To their dismay, most CIOs have not recognised that change is required. Today many CIOs are ‘playing the wrong game’. Unless they quickly understand what is required, they will be replaced with managers who do.

Many CIOs have remained focused on low-cost operational support when they should be working hard to grow corporate capabilities in IT strategic planning, enterprise architecture, program and project management, relationship management and technology R&D.

For years CIOs have been waiting for an opportunity to work with the business as a full partner. Today that opportunity is staring many CIOs in the face, and most haven’t recognised it.