By Warwick Purdy *
Blue Mountains City Council (BMCC) has developed an integrated Risk Management Strategy incorporating email security in an attempt to mitigate or control all aspects of the organisation’s business risk. We often think about risk relating only to civil infrastructure, such as someone tripping on a footpath or being injured in a playground, but how often do we think of our exposure to information risk? Our strategy identifies information risk as a real threat to Council’s business and a potential source of expensive litigation.
The PPIPA (Privacy and Personal Information Protection Act) has placed significant responsibility on Local Government in NSW. Councils now need to determine for what purpose information is collected, how it will be used, who it can be disclosed to and what measures have to be taken to protect information. Of particular importance to us was compliance with Information Protection Principle 5, relating to the retention and security of personal information.
BMCC believes that there are significant efficiencies to be gained by the extended use of Internet based delivery mechanisms for rates, purchase orders and invoices. To ensure that the confidentiality of information is maintained for our organisation, suppliers and customers, Council has just implemented new email security and signature certification software, Secure email, recently released in Australia by AXS-One. This allows secure emails to be sent from BMCC without the need for recipients to be licensed. This technology not only reduces our exposure to unnecessary information risk but also provide a defence in the unlikely event of intrusion.
* Warwick Purdy is Manager Information Systems at Blue Mountains City Council.
