The Privacy Commissioner has served an Enforcement Notice on the Consumer Council, directing it to remedy the contravention and prevent similar recurrence of the contravention.
Adopt multi-factor authentication for remote access to information and communications systems to minimise the risk of attacks targeting information systems;
Establish a robust cybersecurity framework, allocate sufficient resources and formulate effective strategies and measures to prevent, detect and respond to cyberattacks, thereby reducing the possibility of cyberattacks and the risk of data leakage;
Conduct regular risk assessments and security audits of information systems;
Establish a corporate culture that values data security; and
Devise effective training plans to enhance staff awareness and competence in data security and personal data protection.