Our commitment to a healthy, safe and secure environment for our people and customers. 4.101 The OAIC found that the QFF collection notice meets the requirements of APP 5, and that it refers readers to the Qantas privacy policy for further information. The airline said it would contact customers whose bookings were cancelled directly. Once a SIA is formally underway, its progress is generally informal and collaborative, and may involve the project owner, the DISO, Legal, and any other relevant business units. The CHESS has responsibility for strategy, policy, systems oversight, monitoring and corporate governance over operational risks of the Qantas Group. Likely breach of relevant legislative obligations (for example, APP, TFN, Credit) or not likely to meet significant requirements of a specific obligation (for example, an enforceable undertaking); likely adverse or negative impact upon the handling of individuals' personal information; likely violation of entity policies or procedures. Privacy complaints and compliance issues are handled by the corporate liaison team, who receive regular privacy training. Risk Management Policy; 9. In addition, Jetstar's head of cyber security Yvette Lejins started a broader Group role at Qantas this month as the head of cyber business
On 2 July 2019, we became aware of a fraudulent website that looked like the Qantas Super login page and used a similar website address. Combining the expenditure of both domestic and international tourists who travel on Qantas and Jetstar, the additional total value added to the Australian economy associated with the role of the Qantas Group in facilitating tourism in FY 2017 is estimated to be $10.7 billion. Qantas has ordered 20 Airbus A321XLRs and 20 A220-300s narrow jets.
Maintaining a regularly updated directory of all of the information assets (including personal information) held by QFF, and where these are stored. The OAIC also notes that Qantas Group intends to create a network of privacy champions, co-ordinated through the Group Privacy Officer. Safe growth: The Qantas Group has announced orders for a range of new aircraft. Protection from these attacks and the
Further, members of loyalty programs and the community at large would expect entities to safeguard the personal information that they have been entrusted with. As travel has rebounded, we have restarted activity to those ports (and some new ones) by making sure our partners were ready for flights. We take active, quality measures to help you keep safe online and we also encourage our members to do what's possible to protect their account and personal information. 4.7 A Qantas Group policy registry is kept by the Company Secretariat for all Qantas Group policies. Number of Employees: 25,000. He is currently in the role of Group Chief Information Security Risk Officer at Standard Chartered Bank, based in Singapore with a global scope. Staff complete the training at induction and then every three years. The Group has a structured employee wellbeing and mental health program which has the dual focus of understanding and protecting our people from wellbeing and mental health-related risks, along with amplifying the opportunities for our work to positively impact on our wellbeing and mental health. Joint advisory released for Managed Service Providers and Customers to mitigate cybersecurity risks. The Australian Cyber Security Centre (ACSC) has today joined with international cyber security agency partners to warn Managed Service Providers (MSP) of pressing cyber risks and provide guidance on suitable mitigations for them and their customers.
4.98 The OAIC considers that there is room for improvement in the readability of the policy, and suggests that QFF works with the Qantas Group to review and, where possible, simplify the language of the policy. This includes aviation safety, WHS, environment, security (including cyber security) and business resilience matters. The program covers both work-related and non-work-related conditions. 4.10 Whilst all QFF personal information is stored in Australia, QFF use several offshore customer service centres. 4.94 The OAIC reviewed this privacy policy against the requirements of APP 1. 5.6 Prior to the OAIC assessment in May/June 2017, the Qantas Group was already expanding its cyber security governance processes and materials to include increased focus on privacy. 4.80 Qantas Frequent Flyer does not permit access to, or disclosure of, members' personal information to any of its program partners and is solely responsible for all communication with its members in relation to program partner products and benefits. During the pandemic, our Wellbeing program expanded from a focus on traditional areas of health and wellbeing (physical health, nutrition, sleep, exercise and mental health) to include financial wellbeing, healthy relationships and digital wellbeing. "For Qantas, doing business responsibly isn't just the right thing to do; it's also the smart thing to do." Privacy-related matters will also be raised during short stand-up meetings, where staff consult each other or offer suggestions on different matters and projects. 6.1 This assessment was conducted under s 33C(1)(a) of the Privacy Act, which allows the OAIC to assess whether an entity maintains and handles the personal information it holds in accordance with the APPs. 4.68 To further raise awareness of cyber security and privacy issues, staff are sent a weekly Friday Flyer email, which often contains information about how to avoid phishing scams and current privacy threats.
Qantas Legal developed this privacy training. This report has been published in full. How do you quantify cyber risk management? Coles flybuys and Woolworths Rewards: what is the price of loyalty? Cyber security risk is, at the practical level, the responsibility of the QFF DISO. Through the application of data analytic techniques, entities can then use this data for a variety of purposes including profiling for targeted advertising and marketing. Possible ministerial involvement or censure (for agencies). Risks are limited, and may be within acceptable entity risk tolerance levels. Unlikely to breach relevant legislative obligations (for example, APP, TFN, Credit). Minimum compliance obligations are being met. QFF has since advised the OAIC that a Group Privacy Officer was appointed in late July 2017 and one of the primary responsibilities of this Privacy Officer, on appointment, would be to set up and co-ordinate a network of privacy champions across the Qantas Group. [10] The Flesch-Kincaid test used to assess the readability of Qantas' privacy policy can be accessed at The Readability Test Tool. 4.59 QFF's current approach to PIAs and other privacy assessments is collaborative and thorough. Last month, a group of 24 Qantas workers filed legal action against Qantas in the Federal Court, arguing that the airline's mandatory COVID-19
Across the Qantas Group, we collect, share, use, store and process personal information in accordance with an ever-changing and increasingly complex landscape of both international and domestic laws and regulations. Your cyber security policy doesn't need to be very long; most SMEs should be able to fit theirs onto a single sheet of paper.
3.2 QFF is a points-based rewards program and members may earn Qantas Points by purchasing products and services from Qantas or any of its program partners. The Head of Human Resources is required to sign off on the completion of all required training in a report to the QFF CEO. Like many large organisations, we operate in an environment of ever-evolving cyber threats, where external attackers are always adopting more sophisticated techniques. See how the quantity and duration of malware infections, along with other factors, influence the overall assessment of an organization's IP Reputation. Overall, it is a document that describes a company's security controls and activities. 4.93 QFF uses the Qantas Group-wide privacy policy, also referred to as the Group privacy statement. 3.6 Members may choose to provide further information in relation to product preferences to receive targeted emails from QFF or its affiliates (e.g.
The OAIC guidance on the GDPR may be found at Australian entities and the EU General Data Protection Regulation (GDPR). 4.15 The majority of corrections to personal information are completed by members themselves using the self-service facilities online; however, corrections may also be processed by telephone via an interactive voice system (where the member keys in their PIN) or manually via the QFF Service Centre (QFFSC) staff. June 14, 2022. QFF sometimes utilises independent third parties to conduct external PIAs; however, the majority are conducted informally and in-house, and are built into its project management processes. The Qantas Domestic, Qantas International, and Jetstar Group segments offer passenger flying, air cargo, and express freight services. 4.64 Privacy training is compulsory for all staff with access to personal information, which includes Qantas call-centre staff, reservations staff and the entirety of QFF. All user access is logged and monitored, with the logs regularly audited by the platform owners.
Our approach covers three main areas: operational safety, people safety and operational security. As the Security Technology Controller, you will be accountable for day-to-day operational activities across the physical security team including access, surveillance and alarm monitoring services with a focus on Qantas Group ASIC program compliance. The Qantas Group's FY21 performance for Total Recordable Injury Frequency Rate and Lost Work Case Frequency Rate both improved compared to the prior year. Across the Group, we are responsible for handling a substantial amount of personal information. 4.20 At the time of the assessment, QFF did not have an overall policy document for meeting its goals for managing privacy. This is supported by policies and procedures to ensure our people are treated fairly under what is known as just culture. 3.1 QFF was established in 1987, and had over 11.4 million members in June 2016. 3.9 QFF is governed by and subject to Qantas Group policies. name, email address, phone number). Though the extent of involvement may vary by role, security is everybody's responsibility at Workday. Qantas Group also holds monthly direct reporting meetings, and risk is a regular agenda item. These risk management processes allow an entity to identify, assess, treat and monitor privacy risks related to its activities. Qantas Airways Limited ABN 16 009 661 901. The OAIC recommends that QFF develops and implements a PMP that sets out specific goals and objectives for its privacy management with consideration of the specific issues that apply to its operations. The General Counsel receives weekly briefings on key issues (including privacy matters) from QFF and on an ad hoc basis as needed. 4.92 Under APP 1.3, APP entities must have a clearly expressed and up-to-date APP privacy policy that explains the entity's handling of personal information.
2.3 In the 2014/2015 financial year, the OAIC assessed two leading loyalty programs in Australia. provide and operate competitions, promotions and events; distribute newsletters and other communications either directly or through a third party; facilitate participation in Qantas and program partner loyalty programs; conduct marketing activities for Qantas or third party products and services (the collection notice states that this is one of the primary purposes of QFF); conduct market and other research to improve Qantas products, services and marketing activities. Additionally, after the assessment fieldwork, QFF informed the OAIC that GCSC has since been renamed the Cyber Security and Privacy Committee. The Cyber Cooperation Program and Singapore's Ministry of Transport have partnered with the Association of Asia-Pacific Airlines, Qantas Group and EY to support the Aviation Cyber Resilience Project, a series of workshops aimed at building cyber capacity in the aviation industry throughout the Asia-Pacific.