DrewTech Chapter 16: Speak, friend, and enter - access controls and authorised users

28 May 2025

A key element in any security system is ensuring that only persons who should have access to something (whether physical premises or data) are able to obtain access to that thing. This article looks at some security measures in the context of decisions by the Personal Data Protection Commission, and how well they have fared.

Please click here to read more about the update.

If you missed any of the chapters in our DrewTech series, you can read them below: 

1. Chapter 1: The Importance of an Exit Strategy in Tech Contracts
2. Chapter 2: Employees, technology and a legal hangover - bring your own problems?
3. Chapter 3: I host, you post, I get sued?
4. Chapter 4: Diabolus ex machina - Artificial (un)Intelligence and liability
5. Chapter 5: Bringing Hygiene Online - The MAS Notice on Cyber Hygiene
6. Chapter 6: Signing without signing – contactless contracts
7. Chapter 7: My Kingdom for a Horse – When your Systems are Held to Ransom
8. Chapter 8: New risks in new skins - Updates to the Guidelines on Risk Management Practices – Technology Risk
9. Chapter 9: Of blockchains and stumbling blocks
10. Chapter 10: Service by airdrop - no parachutes required
11. Chapter 11: Large language models and larger legal minefields
12. Chapter 12: Beset on all sides – liability for data breaches 
13. Chapter 13: Pitfalls of user-generated content 
14. Chapter 14: Red queen races – vulnerability disclosure programs
15. Chapter 15: Looking at the man in the middle (in a cyber breach) – allocation of risk