The Australian Data and Insights Association (ADIA) has announced the launch of a new industry-specific certification program aimed at combating cybercrime. The program, set to commence in August via the ADIA Academy, is designed to provide enhanced security to organisations and their clients. It will be delivered over a 12-month period and is tailored to cater to both small and large businesses.

The certification program is designed to assist data, research and insights organisations in preparing for certification to the global ISO 27001 standard. ISO 27001 is recognised as the gold standard in information and data security best practice.

In the past year, the Australian Cyber Security Centre’s Signals Directorate responded to over 1,100 cyber security incidents from Australian entities. Nearly 94,000 reports were made to law enforcement through Report Cyber, representing an increase of 23% from the previous year. The Office of the Australian Information Commissioner (OAIC) reports that malicious or criminal attacks are the leading cause of privacy data breaches, with 91% of these involving some form of email interaction with consumers.

"ADIA's program is a clear and accessible pathway to ensure a company’s information security system meets the ISO 27001 certification requirement. Our member organisations are already recognised as having the best quality practices and standards in the country, working under Australia’s only registered APP privacy code and the industry trust mark. This latest compliance program strengthens these practices and will help ensure members’ data security systems and processes are world class," said Sarah Campbell, CEO of ADIA.

The program is open to both ADIA members and non-members. Certification to ISO 27001 is not mandatory and is separate from this program. ADIA member organisations have a track record in safeguarding personal information, working under a registered Australian Privacy Principles (APP) industry Privacy Code since 2003. The Privacy Code imposes additional requirements on top of the Australian Privacy Principles to protect confidentiality, prohibit any selling of data and ensure that all personal information is collected only with clear and informed consent.

"The research and insights industry relies on the goodwill of the Australian public and ADIA members remain committed to ensuring that continues to be a priority in their business. Protecting consumer respondents and sustaining the industry allows researchers to tap into public opinion and provide evidence-based research for critical social policy and commercial businesses on decisions that matter. In addition to launching this new program in 2024, the ADIA will also work closely with the OAIC on a new Privacy Code for member organisations once the legislation is passed later this year," Campbell added.

ADIA convenes a privacy compliance committee, chaired by Professor Peter Leonard, and members report annually on compliance. ADIA offers members a full suite of privacy resources and training via the ADIA Academy.