Show download pdf controls
  • 2 February 2018

    The Cyber Security Stakeholder Group meeting was held on Friday 2 February 2018.

    The information below is a summary of topics discussed at the meeting.

    Introduction

    A reminder was provided to members about the enactment of the Notifiable Data Breach Scheme on the 22 February 2018.

    The NDBS is administered by the OAIC and further information around the Scheme is available on their site at oaic.gov.au/privacy/notifiable-data-breaches/External Link

    The ATO have published ato.gov.au content on providing guidance for protective measures for business and tax professionals following a data breach.

    ato.gov.au/databreachbusiness

    ato.gov.au/databreachtaxprofessionals

    Further information on preparing for the scheme can be accessed via How can organisations prepare – OAIC webinarExternal Link

    Scam update

    The following scammer disruption tactics have been initiated by the ATO:

    • Collaborated with Apple to have a scam warning prominently displayed on the back of iTunes cards
    • Supplied information and intelligence to the US Inland Revenue Service (IRS) on Australian Scams and shared scammer disruptions techniques
    • Launched the ato.gov.au/scamalerts page which offers current scam information

    13 October 2017

    The Cyber Security Stakeholder Group meeting was held on Tuesday 13 October 2017.

    The information below is a summary of topics discussed at the meeting.

    Introduction

    An update was provided on the transition from a working group to a stakeholder group and mentioned that our ongoing need to respond to cyber threats and the changing legislative environment made the transition necessary.

    ATO has drafted updated web content regarding Protective Measures following a data breach for tax professionals incorporating the mandatory breach notification requirements.

    It was noted that the content needs to provide clarity between the Notifiable Data Breach (NDB) Scheme requirements and those applicable to breaches of TFN data (specifically as it relates to entities with more than $3 million annual turnover).

    Scam update

    ATO’s Cyber Security Operations Centre (CSOC) presented an update on the global scam environment.

    ATO provided information regarding the Telephone Scam working Group, which reports to the PM’s Cyber Resilience task force.

    ATO continues to work on scam disruptions and publishes a monthly update of the most frequently reported ATO impersonation scams and their methods.

    Digital service provider update

    An update was provided on the ATO’s Digital service provider Operational FrameworkExternal Link.

    Terms of reference and expectations of members

    CSSG members agreed that quarterly meetings were sufficient, with ad-hoc meetings to be called if required.

    All members of the CSSG to be proactive in driving agenda items for the meetings and will provide updates back to their members when required.

      Last modified: 27 Nov 2018QC 54345