Doniz has spent the last three years as head of IT and cyber security at Australia's national airline, including affiliates QantasLink, Qantas Loyalty and Theres The CHESS has responsibility for strategy, policy, systems oversight, monitoring and corporate governance over operational risks of the Qantas Group. Wonderful video celebrating so much of who we are as Australians. Qantas Frequent Flyer uses targeted marketing communications (primarily by email) to promote products and offers which may be of interest to members. How We Use Your Personal Information. enable the entity to deal with privacy related inquiries or complaints from individuals. 4.15 The majority of corrections to personal information are completed by members themselves using the self-service facilities online, however, corrections may also be processed by telephone via an interactive voice system (where the member keys in their PIN) or manually via the QFF Service Centre (QFFSC) staff. The Qantas Group is constantly improving its cyber capabilities as part of its overall data and privacy protection. 4.93 QFF uses the Qantas Group-wide privacy policy, also referred to as the Group privacy statement. The policy is dated to reflect when it was last reviewed. Cyber fraud techniques evolve into confidence trick arms race. Crisis response is heavily reinforced in staff training and practice exercises, and involves staff at all levels, including the executive. Qantas group security head Steve Jackson has some simple rules for dealing with IT security: Don't panic, don't overstate the risk, and Section 1 - Summary.
provide and operate competitions, promotions and events, distribute newsletters and other communications either directly or through a third party, facilitate participation in Qantas and program partner loyalty programs, conduct marketing activities for Qantas or third party products and services (the collection notice states that this is one of the primary purposes of QFF), conduct market and other research to improve Qantas products, services and marketing activities. strong corporate governance transparency in reporting. 4.31 Compliance with APP 1.2 is fundamentally about good privacy governance. Its current APP 5 collection notification practices appear reasonable and adequate. regularly evaluate its privacy risk management policies and practices to ensure their continued effectiveness. The Qantas Domestic, Qantas International, and Jetstar Group segments offer passenger flying, air cargo, and express freight services. To do this, they must give Woolworths their QFF membership number so that Woolworths can arrange for the Qantas Points to be awarded. January 24, 2017 by AJ Kumar Security policy Security policy is the statement of responsible decision makers about the protection mechanism of a company's crucial physical and information assets. Privacy related matters will also be raised during short stand-up meetings, where staff consult each other or offer suggestions on different matters and projects. The business resilience framework assists the Qantas Group in the preparation for, and recovery from, adverse incidents affecting the business and our interests. As travel has rebounded, we have restarted activity to those ports (and some new ones) by making sure our partners were ready for flights. As part of the membership to the program, the entity operating the loyalty program can collect data about members and their purchasing activities.
As the Security Technology Controller, you will be accountable for day to day operational activities across the physical security team including access, surveillance and alarm monitoring services with a focus on Qantas Group ASIC program compliance. When a member's accumulated Status Credits reach a designated level, their membership tier level increases (for example from Silver to Gold) and they can receive additional membership benefits, including earning higher rates of Qantas Points. -Adam Kinsella, Product Owner for Network, Network Security, Qantas. QFF sometimes utilises independent third parties to conduct external PIAs, however, the majority are conducted informally and in-house, and are built into its project management processes. We have rigorous security measures in place, as well as security teams working to protect our customers' details and accounts. The Qantas Group's FY21 performance for Total Recordable Injury Frequency Rate improved compared to the prior year, while our Lost Work Case Frequency Rate was slightly higher. The most important thing is clarity. The Prime Minister's $230 million Cyber Security Strategy The Australian Crime Commission estimates the annual cost of cyber crime to His appointment as Qantas group CISO was part of a significant revamp of the cyber security function at the airline. 4.78 As stated above, QFF holds all personal information in data warehouses, with highly restricted access. 4.44 The Group-wide crisis management plan is comprised of a series of procedures that enable staff to respond to the various kinds of crises that may arise across the Group. Within this Group-wide plan, there are business unit specific plans, which are owned by key senior staff in each group. If the staff member attempts the training but does not receive a 100% pass rate, training is not marked as completed and the online training system will continue to remind the staff member to complete the training.
Therefore, the OAIC recommends that QFF, along with Qantas, formalises the current cyber security governance material, such as the GCSC charter documents, to specifically encompass privacy. Your use of these systems may be monitored and investigated to ensure compliance with the law and Qantas Policies. The Group is keenly aware of the risk posed by trusted insiders, people who seek to use privileged access provided in the context for doing their jobs to facilitate illegal activities, such as transporting illicit substances. This includes aviation safety, WHS, environment, security (including cyber security) and business resilience matters. We've overcome many obstacles in our long history and this is because we've quickly responded to changing environments and worked hard to produce the right outcome helped by the resilience of our people and their commitment to the national carrier. 4.89 The OAIC and CSIRO's Data61 have published a De-identification Decision-Making Framework, which may provide QFF with further practical guidance to effectively de-identify information that is used for data analytics purposes. Executive Summary. 3.8 QFF stores data in a separate, partitioned section of the Qantas Group IT Environment. We may contact you using the below methods: A phone call from one of our fraud analysts. In addition, Jetstar's head of cyber security Yvette Lejins started a broader Group role at Qantas this month as the head of 'cyber business protect', which covers the Jetstar Group, Qantas . These are the Qantas Group Policies: 1. However, it is a difficult decision for Australia-based Qantas Group is set to order 12 Airbus A350-1000 planes and 40 narrowbody jets to improve services for passengers. An automated voice-activated call from our telephone alert system, from 1300 754 566. The DISO may also determine that a more comprehensive security review or a formal PIA is needed.
Qantas is experiencing an extremely competitive market as the government strengthens the security laws internationally and domestically, which has led to a huge drop in passenger numbers. Threats and exploits can't get through, and Umbrella gives us confidence because we know that our users are protected when they're surfing the internet on or off the network. The COVID-19 pandemic presented many challenges to our organisation and our people to work through. In addition, Jetstar's head of cyber security Yvette Lejins started a broader Group role at Qantas this month as the head of cyber business On 2 July 2019, we became aware of a fraudulent website that looked like the Qantas Super login page and used a similar website address. This means that the policy may be too complex for some readers, who are younger or who have a lower literacy level, to understand, and this could affect some QFF members. 4.1 This part of the report sets out the OAIC's observations, the privacy risks arising from these observations, followed by suggestions or recommendations to address those risks. We take active, quality measures to help you keep safe online and we also encourage our members to do what's possible to protect their account and personal information. The observations and information contained in this report reflect the circumstances as at the date of the assessment (June 2017). CISA's Role in Cybersecurity. The OAIC has not identified any privacy risks based on the assessment scope and the above-mentioned observations. [10], 4.95 APP 1.4 contains a prescriptive list of information that an APP entity must include in its privacy policy,[11] as well as a list of other information that could be included, depending on the circumstances of the entity, to describe how the entity manages personal information.[12]. Location: Mascot, Australia.
Access to this list is heavily restricted to a needs-only basis. Safe growth: The Qantas Group has announced orders for a range of new aircraft. Qantas is part of the Airlines, Airports & Air Services industry, and located in Australia. As part of meeting its obligations under APP 1.2, QFF should develop and implement a PMP, to be reviewed annually, that sets out specific goals and objectives for its privacy management with consideration of the specific issues that apply to its operations. QFF advised that this trial was being expanded and QFF would eventually roll out multi-factor authentication to all members. 4.74 Qantas Frequent Flyer applies data analytic techniques, and then uses this data for targeted advertising and marketing. 5.6 Prior to the OAIC assessment in May/June 2017, the Qantas Group was already expanding its cyber security governance processes and materials to include increased focus on privacy. Furthermore, marketing and analytics staff are in constant consultation with QFF Legal in relation to changes or new ideas. 4.25 Qantas cyber security governance is the responsibility of the Group Cyber Security Committee (GCSC), who monitors, reviews and ensures the effectiveness of cyber risk strategy, systems, policies and procedures. Former IHS Markit's group chief information security officer, Darren Argyle, has been appointed ongoing CISO at the airline, with his tenure as its cyber security chief to begin later this month. Argyle was appointed to the CISO role after a recruitment process that began last year as part of a cyber security strategy revamp. Qantas in December appointed a new But it might still face a legal storm if its policy is tested before a tribunal or court. 4.65 Training is conducted through an internal online training database. We learned from nearly 12 million ratings that companies with an F are 7.7 times more likely to be impacted by a breach versus those with an A.
5.2 QFF sincerely appreciates the OAIC assessment finding that it has robust and effective privacy practices, and QFF acknowledges that an ongoing compliance commitment is required to protect the privacy and maintain the security of the personal information it holds. If staff clicked the enclosed link, they were redirected to a notification page informing them that they had failed a phishing test. 3.2 QFF is a points-based rewards program and members may earn Qantas Points by purchasing products and services from Qantas or any of its program partners. The OAIC recommended that QFF: 2.1 Loyalty programs are popular with consumers and businesses alike, with one Australian consumer research study reporting that 87 percent of Australians aged 18 and older were members of a loyalty program in 2017. Additionally, the OAIC has recently released an online PIA learning tool which aims to better equip organisations with the knowledge to conduct an in-house assessment. 4.100 The OAIC reviewed QFF's online notice relating to the collection of information from individuals against the requirements of APP 5 in order to ensure its compliance. Qantas and its related bodies corporate are referred to as Qantas Group in this report. 4.28 Business units obtain advice and assessments of privacy related matters from the Legal team via formal PIAs, written email advice and oral advice given in pre-arranged meetings. Enterprise security management (ESM) issues directly revolve around the management of Qantas group itself. Qantas has been looking for a security head since August last year. When we receive your email, we send an automatic email acknowledgment. 4.10 Whilst all QFF personal information is stored in Australia, QFF use several offshore customer service centres. QFF also has contractual rights to audit the third party and the QFF information they hold throughout the course of the relationship.
How can I be sure my Frequent Flyer account details are secure? The cyber safety of Qantas Frequent Flyers is a priority for us. Qantas. Qantas Customer Story. Relying on this document to guide a privacy impact assessment (PIA) may result in some personal information being mishandled or privacy risks not being adequately captured by a PIA. 6.5 OAIC assessments are conducted as a point in time exercise. This anonymous identification number is used for most internal transactions relating to the member's account to limit the number of staff with access to personal information. clear knowledge of information assets held and a range of ICT security measures in place to safeguard these. Qantas Location 10 Bourke Rd, Mascot, New South Wales, 2020, Australia Description Industry Airlines, Airports & Air Services Transportation 4.30 At the time of the assessment, the Qantas Group was investigating whether it would be required to appoint a data protection officer under the upcoming GDPR requirements. Where privacy complaints are received outside of this process (including by phone or by mail), a file/record is created in the complaints handling system. However, one current exception is QFF's partnership with Woolworths, as Woolworths Everyday Rewards (WER) members may opt-in to earn Qantas Points as their reward under the WER program, automatically converting WER points they earn when shopping at Woolworths into Qantas Points. To safeguard members' personal information, QFF have implemented measures, such as overseas contract staff background checks and provisions in employment contracts related to the handling of personal information. 4.33 A network of privacy champions across business units within the Qantas Group, including a dedicated QFF privacy champion, would help to identify and communicate privacy risks, as well as good privacy practices, across the Group. Qantas Group's policies and business practices over the next 12 months.
It would be unlikely that all of the Qantas Group's 22,000 employees are exposed or create the same level of risk to COVID-19. Spoiler alert: SecurityScorecard customers realize investment payback in under a quarter. This enhances the accountability of APP entities in relation to their personal information handling practices. A Qantas 747-438(ER) VH-OEH departs runway 16 at YMML bound for the Antarctic (Victor Pody) Qantas has pushed back its plan to restart international flying from 31 October to late December 2021 following the news that borders are unlikely to open until mid-2022. The Qantas Group is committed to complying with all applicable laws and regulations, and to conducting business with the highest standards of ethics and integrity. Like many large organisations, we operate in an environment of ever-evolving cyber threat, where external attackers are always adopting new and more sophisticated techniques. QFF regards personal information as its chief business asset and has invested multiple resources to safeguard it. 3.4 Registration involves collecting a variety of personal information from individuals, including: 3.5 Following registration, members receive a membership number, confirmation email, and a membership pack including a QFF card. 4.54 All new projects require a security impact assessment (SIA), and staff have access to the relevant form on the Qantas Intranet. 4.69 At the time of the assessment, QFF had recently undertaken a test exercise, where IT sent false phishing emails to selected QFF staff email accounts. Qantas Frequent Flyer then uses this and other information collected at various points throughout their membership, including when members earn and redeem Qantas Points and their interactions with marketing campaigns, to analyse member behaviours and identify target members for marketing campaigns.
Risk assessments are conducted on relevant third party suppliers and we work with them to address any material risks identified. Please refer to Qantas Group Policies available on the Qantas Intranet or from your manager or people representative for details. 10. Security Policy. We comply with government and regulatory agencies to integrate risk strategies through a holistic approach ensuring a robust framework is in place to counter any crisis management, contingency planning and business continuity event. In Qantas Frequent Flyer and Qantas Business Rewards remain at the core of the program, while the business has evolved to include a number of new ventures and other businesses such as Qantas Money, Qantas Insurance and Qantas Wine. The OAIC recommends that QFF develops and implements a PMP that sets out specific goals and objectives for its privacy management with consideration of the specific issues that apply to its operations. [12] See paragraphs 1.33 and 1.34 of the APP Guidelines. 4.92 Under APP 1.3, APP entities must have a clearly expressed and up to date APP privacy policy that explains the entity's handling of personal information. Our Code of Conduct is the ultimate guide for how we do things at Commonwealth Bank. Whether travelling for business or leisure, we understand that every group has unique travel needs; and that's why we offer a range of benefits available exclusively to group travellers to help make your customers' journey a seamless one. Qantas suffered a 30 percent turnover in its technology personnel as the airline battles staff loss, in the wake of repeated Covid-19 lockdowns. [2] See - Coles flybuys and Woolworths Rewards: what is the price of loyalty?
The Qantas Group continues to support key external initiatives under the Australian Government's Cyber Security Strategy, the voluntary ASX100 Cyber Health Check, and joint Commonwealth and private sector meetings, including the inaugural Australia-United States Cyber Security Dialogue to discuss ways to collaborate on better security outcomes. develops and implements a privacy management plan that considers privacy goals and targets, and how to meet them. The program covers both work-related and non-work-related conditions. The time taken to resolve complaints depends on their complexity. 4.76 In relation to the use of personal information for marketing and analytics purposes, QFF's APP 1 privacy policy and collection notice state that members' personal information may be used to: 4.77 Potentially sensitive information gathered by the airline, such as meal preferences and medical conditions, is not used by, or accessible to, the QFF marketing and analytics teams. Code of Conduct and Ethics; 2. Business Resilience Policy; 3. Our Fly Well program included a number of temporary and existing wellbeing measures to safeguard travel during the pandemic, to give our customers peace-of-mind at each point of their journey across our Australian domestic, trans-Tasman and international networks. Both QFF Legal and the CIO have veto power over any and all projects. The ability to respond seamlessly to events that impact the Group is fundamentally important in ensuring continued Group operations in the event of a discontinuity of service, mitigating risks and minimising disruptions to our customers. Core Qantas Group policies are reviewed annually, and if any changes are made, they require approval of the Qantas Board (the Board). The DISO assesses the security implications of the project and considers mitigation strategies for cyber security risks.
Take a look at the 10 factor categories at the core of SecurityScorecard's rating methodology. The OAIC recommends that QFF continues to build the profile of privacy across the Group by: 4.36 QFF follows the Qantas Group risk management practices, policies and procedures. In 2020, security breaches cost businesses an average of $3.86 million, but the cost of individual incidents varied significantly. Doniz served as Qantas group CIO from January 2017, and at Boeing will be the CIO and senior VP of information technology and data analytics. When you're managing the travel needs of multiple people, we understand the size of the group can often change. We take active, quality measures to help our members keep safe online and also encourage our members to do what's possible to protect their account and personal Cann Group chief executive Peter Crock says the group has not been able to recover $3.6 million in payments after a cyber fraud.