National Privacy Awareness Week (PAW) is a great time to reflect on the recent significant changes in Australia’s privacy and data protection regime, which bring our legislation more in line with international standards. As a result, many Australian agencies and organisations are now subject to new compliance obligations under the notifiable data breaches (NDB) scheme and increased scrutiny.
Navigating these obligations, as well as the additional implications of the upcoming European General Data Protection Regulation (GDPR), is a must for any organisation seeking to manage the ongoing and complex privacy and data security issues faced by businesses today.
You are affected by the NDB Scheme if your organisation
In addition, you are subject to GDPR if your Australian business
Have a detailed privacy framework in place that includes a battle-tested data breach response plan, and ensure this is GDPR compliant where applicable.
You would benefit from an assessment of your current privacy framework if you are unsure of the answers to one or more of the questions below.
Identify the ‘critical data assets’ you keep within your organisation, how they are stored and where they are located.
Ensure these include a complaints handling system and a data breach response plan that involves your C-Suite, IT, human resources, legal and public relations departments.
Staff must receive regular training and updates to ensure they are aware of your organisation’s compliance obligations (including the new, more stringent requirements under GDPR).
For organisations subject to the NDB Scheme:
For organisations subject to GDPR:
For government agencies subject to the AGAP Code:
Front-end advice on enterprise-wide privacy compliance, including: managing sensitive information, marketing campaigns and branding activities, surveillance, handling investigations and complaints, review of privacy and credit reporting policies, collection notices, conducting Privacy Impact Assessments and audits, review of vendor contracts and privacy/data breach response clauses, and assessing application of the GDPR.
Help your organisation develop or update its information management and risk framework to manage, protect and enhance data through its full life cycle, as well as in relation to specific projects and campaigns. This includes due diligence, M&A activities, big data analytics and technological developments, NDAs and breach of confidence, developing cyber resilience, and data security health checks.
Work with your organisation to develop a comprehensive data breach response plan (including cyber breaches), help allocate roles and responsibilities, and develop processes and checklists that will help you fulfil your obligations in the event of a data breach.
Help your organisation, when in crisis, respond to investigations, regulatory action and data security breaches in a way that protects your business, minimises serious harm to customers, and mitigates financial and reputational damage. Post-breach and post-investigation training and review help ensure your organisation addresses its data security and privacy risks going forward.
Ensure your staff are privacy aware through our e-learning courses focusing on privacy, the NDB scheme, and GDPR. Some courses have been specially tailored to apply to Queensland and Victorian government departments.