DSPANZ provided a submission to the Department of Home Affairs on their "Proposed Ransomware Incident Reporting Obligation" fact sheet on 8 April 2022.
While we supported the objective underpinning this obligation, we raised our concern about adding an extra reporting obligation for Australian businesses without a clear corresponding benefit. Many Digital Service Providers (DSPs) are already required to report this information to the ATO under the Operational Security Framework in addition to other reporting obligations e.g. the Notifiable Data Breach Scheme. Many other businesses would be in a similar situation.
In this submission, we provided comments on the proposed reporting obligation. Access a copy of the full submission here.