Data Security Standards: Australian, EU, and AWS - DR Alarms Expansion
Added on 2023/06/08
AI Summary
This report provides a comprehensive overview of data security standards, focusing on the Australian Privacy Principles (APPs) and comparing them to the European Union's GDPR. It highlights the key differences in terminology and scope, particularly regarding the definition of personal data and the applicability of the laws. The report then examines data security requirements for selecting a manufacturing venue, emphasizing best practices like segregating sensitive files, limiting permissions, and combating threats. Furthermore, it addresses the data security challenges and limitations associated with using Amazon Web Services (AWS), including service limits, technology constraints, the need for team education, technical support costs, and general issues like downtime and compliance. The report concludes by offering insights into how organizations like DR Alarms can navigate these challenges to ensure robust data security in their operations.

Table of Contents
INTRODUCTION
MAIN BODY
Data Security Standards in Australia
Differences between the Data Security Standards in Australia & EU
Data Security Requirements for the Manufacturing Venue Selection
AWS Data Security Challenges and Limitations
CONCLUSION
REFERENCES

INTRODUCTION
Data security is the process of securing digital information from unauthorized
access or theft, and there are several standards and frameworks for data security and protection
which need to be complied with depending upon the area of operations. The following report
will therefore give a brief explanation of the data security standards in Australia, followed by a
brief overview of how EU data security standards differ from the Australian
standards. Then the data security requirements will be outlined for setting up a new
manufacturing location and, finally, the challenges and limitations of the AWS service will be discussed.
MAIN BODY
Data Security Standards in Australia
Under the Privacy Act 1988, a framework for the protection of privacy and
security of data has been provided, known as the Australian Privacy Principles (APPs).
These principles govern the obligations, standards and rights relating to the personal
information that is collected, used and disclosed, the accountability and governance of any agency
or organisation, personal information being integrated or corrected, and the individual’s rights
to access personal information (Data Security: Definition, Explanation and Guide,
2022). The Australian Privacy Principles are principles-based law, which allows
organisations and agencies the flexibility to tailor their use and management of personal
information to their business models and the varied needs of individuals. The
principles are also technology neutral, which gives these organisations and agencies the
flexibility to adapt to ever-changing technology. It should be noted that any breach of or
non-compliance with the Australian Privacy Principles (APPs) is considered a serious
interference with the privacy of an individual and thus will lead to penalties and
regulatory action.
Now, there are 13 Australian Privacy Principles (APPs), which address issues such as
open and transparent handling of personal information, anonymity and
pseudonymity, collection of solicited personal information, dealing with unsolicited personal
information, notification of how personal information is collected,
the situations in which personal information can be used or disclosed, direct marketing,
personal information at risk of being disclosed overseas, the adoption, use and disclosure
of government identifiers, the quality of personal information, how the personal information
is secured, how the personal information can be or is accessed, and how such personal
information is to be corrected (Daly, 2018). There are also various other standards and
frameworks related to cyber security, in which appropriate rules, structures and procedures
are developed by certified industries, governments and bodies. Some of the popular
standards are ISO 27001 (Information Security Management System – ISMS), developed
by the ISO International; the Information Security Manual and the Essential Eight, developed
by the Australian Cyber Security Centre (ACSC); and SOC2, developed by
the American Institute of CPAs.
The above-named standards and frameworks support the overall structure of a
system (Karim, 2020). When choosing a standard or framework, the organisation or agency
should consider the requirements of the business, the acceptance and rate of adoption
of the standard, contractual and regulatory requirements, and a comparison of the benefits
derived from such standards and frameworks with the cost and effort required for
certification.
Differences between the Data Security Standards in Australia & EU
The Australian data security standards differ from the EU data
security standards, although both share the common objective of securing data.
There is a difference in the terminology used in the two laws, i.e. the GDPR and the Privacy Act.
The word ‘privacy’ is not actually used in the GDPR, and the phrase ‘data protection’ is not
actually used in the Privacy Act. But it can be said that both terms carry the same meaning and
thus can be used in place of each other (GDPR vs Australian Privacy Principles, 2022). The term
used in the GDPR is ‘personal data’, whereas in the Privacy Act the term used is ‘personal
information’. Again, both carry the same meaning and can be used in place of each
other, but the interpretation of the concept differs between the two laws. Under EU law,
a wide range of information and data can be included in ‘personal data’, such as tracking
cookies and other online identifiers; therefore, organisations and agencies utilizing such
personal data need to obtain consent for cookie settings on their web pages and websites.
The principles for data security and data protection are laid out in Article 5.1
of the GDPR, which addresses issues such as transparency, fairness, limitation
of the purpose, minimization of the data, accuracy, limitation of the storage, confidentiality and
integrity. GDPR contains 6 principles in total (Rajaretnam and Young, 2020). By contrast, the
principles set out for the security and protection of data are laid out in Schedule 1 of the
Privacy Act. These are also called the Australian Privacy Principles and address issues such as
managing personal information openly and transparently, anonymity and pseudonymity,
collecting personal information, dealing with personal information, notifying the collection of
personal information, disclosing personal information, direct marketing, disclosing
information overseas, the disclosure and use of government-related identifiers, and the quality,
security, access and correction of personal information.
It is essential to note that the GDPR is a broader law than the Privacy Act. Under
the GDPR, any individual, government body, company, etc. comes under
the purview of the law if it is utilizing or processing personal information (McKenzie and
Kanhutu, 2021). These entities shall be offering goods and services to businesses in the EU
and also monitoring people’s behaviour in the EU. This means that there are no limits based
on turnover or company size for the applicability of the law, i.e. a small developer
running a website is required to comply with it. The Privacy Act, by contrast, sets
limits based on turnover and type of company to determine its applicability to a business.
Data Security Requirements for the Manufacturing Venue Selection
DR Alarms, a manufacturer of security alarms and monitoring products in
Sydney, is looking to expand its operations to countries besides Australia. For this, it is
planning to set up a manufacturing plant at a foreign location. The location is
to be a developing country, so as to benefit from cheaper labour than is
available in Australia (Canaway et al., 2019). Therefore, in selecting such a foreign
location, there are certain data security requirements which should be
considered beforehand. These requirements will address the security policies set out by the
government and other bodies for effective implementation of security governance and the
security of information, personnel and physical resources. Certain best practices which
ensure the security of data include the following:
Segregating sensitive files – This involves keeping sensitive files in a secured, quarantined area
where there is no risk of access by unauthorized users. Security software
can also be used to segregate sensitive data from other data and transfer it to a secured
location.
Limited permissions – Access to information and data should be granted
only to those who actually need it, and temporary access and
permissions should be prevented.
Combating threats – Well-established and well-planned cyber security policies need to be
implemented to cope with current and potential threats that may arise in the
organisation or agency. Such threats include external hacking and insider threats.
Deleting unnecessary data – Keeping data and information in storage which is no longer
required by the organisation or agency poses a substantial liability for its security and
protection (Podolskiy, Jindal and Gerndt, 2018, July). Therefore, the entity needs to have
proper systems and processes in place for eliminating any sensitive data which is no longer
required for the current operations of the business. A large pile of such sensitive data is a sitting
duck for hackers who may pose a threat to the organisation or agency.
Visibility of data – It is crucial to know the location of all data and where it resides
in the system, so that it can be accessed whenever required and deleted when no longer
required, to avoid its misuse and free up the organisation’s or agency’s storage space.
Tracking access – It is also essential to track users’ access to data and information,
to ensure that only authorized users are accessing such data and to avoid providing
access to users who shouldn’t be allowed it.
Prevent high-risk actions – High-risk actions and activities shall be prevented by blocking
such activities.
AWS Data Security Challenges and Limitations
DR Alarms, for the expansion of its operations, has received advice regarding the monitoring
services to be provided to its end users: that it should utilize the cloud infrastructure of AWS,
which will allow it to monitor systems and processes at various foreign locations by using
AWS Edge (Mondschein and Monda, 2019). This will also provide the company with a
competitive advantage and enable it to track patterns of utilization of its products. But there are
also certain data security challenges and limitations related to AWS that need to be
considered for such an expansion plan:
Service limits – The platform sets limits on AWS services to prevent excess
spending and to protect the system from uncontrolled resource utilization. The issue
here is that so many resources are not required. Most often, a company need not
have more than 5 Elastic IPs per region or more than 20 EC2 instances per region. An increase
in resources will lead to increased expenditure.
Technology limits – This factor applies to all cloud services. It involves slower
resolution of issues, as this depends on the development of general technology.
Technology develops at its own pace, and certain tasks that are
not feasible at present may be easily possible in the future.
Team’s education – If an organisation or agency decides to work through the AWS service
infrastructure, the team needs to be educated and, as a result, the organisation will need to
invest in the team’s training. It is necessary to know the working of the platform in detail to
take advantage of the AWS cloud service provider. Therefore, investment in an
experienced team is needed to efficiently manage the AWS platform in the organisation or
agency.
Technical support – Dedicated technical support adds to the cost of maintaining the AWS
platform. AWS cloud services provide three packages for technical
support, namely developer, business and enterprise (Tawalbeh et al., 2020). Thus, for
immediate assistance one of these packages needs to be chosen, which will naturally raise
monthly expenditure.
General issues – There are certain general issues that every user of cloud computing services
will face, such as downtime, privacy, security, limited control and protection of backups.
Compliance – This is one of the major challenges in the cloud computing environment, as it
creates hurdles for cloud storage and backup services. Every entity
utilizing this service has to comply with laws and regulations such as the General Data
Protection Regulation (GDPR).
CONCLUSION
In conclusion, data security is a complicated and challenging but
essential issue, as data is an asset of the organisation or agency. The above report thus gave
a brief overview of data security standards in Australia along with the differences between EU
and Australian data security standards. It also outlined various data security
requirements along with the relevant challenges and limitations of AWS data security.
REFERENCES
Books and Journals
Canaway, R. et al. (2019). Gathering data for decisions: best practice use of primary care
electronic records for research. Medical Journal of Australia. 210. S12-S16.
Daly, A. (2018). The introduction of data breach notification legislation in Australia: A
comparative view. Computer Law & Security Review. 34(3). 477-495.
Karim, S. (2020). Big data: challenges and opportunities in Australia. Global Journal of
Business, Economics and Management: Current Issues. 10(1). 1-20.
McKenzie, R., & Kanhutu, K. N. (2021). Telehealth quality check: Is it time for national
standards? Australian Journal of General Practice. 50(10). 778-781.
Mondschein, C. F., & Monda, C. (2019). The EU’s General Data Protection Regulation (GDPR)
in a research context. Fundamentals of clinical data science. 55-71.
Podolskiy, V., Jindal, A., & Gerndt, M. (2018, July). Iaas reactive autoscaling performance
challenges. In 2018 IEEE 11th International Conference on Cloud Computing
(CLOUD) (pp. 954-957). IEEE.
Rajaretnam, T., & Young, A. (2020). The promise of an open data economy in Australia:
legislating open banking. Computer and Telecommunications Law Review. 83-90.
Tawalbeh, L. A. et al. (2020). IoT Privacy and security: Challenges and solutions. Applied
Sciences. 10(12). 4102.
Online
Data Security: Definition, Explanation and Guide. 2022. [Online]. Available through:
<https://www.varonis.com/blog/data-security>
GDPR vs Australian Privacy Principles. 2022. [Online]. Available through:
<https://www.termsfeed.com/blog/gdpr-vs-australian-privacy-principles/>