By Cameron Abbott, Rob Pulham, Stephanie Mayhew and Dadar Ahmadi-Pirshahid
You’ve reached the end of a long week, riddled with proselytising about the importance of being privacy aware and privacy prepared. You get it! You lay your head to a well-earned rest…and like Kate McCallister wake screaming “Privacy Policy”! In true “back-to-basics” fashion, the privacy policy is getting a reboot!
Read More
By Cameron Abbott, Rob Pulham and Stephanie Mayhew
Given the current privacy reform and cyber threat environment, the question we get asked a lot is – what are the privacy risks that should be assessed in our organisation and how do we prioritise these? Unfortunately this isn’t always a ‘one size fits all’ answer but there are some basic matters you can check as to whether your organisation is considering privacy risks proactively.
Read More
By Cameron Abbott, Rob Pulham, Stephanie Mayhew and Dadar Ahmadi-Pirshahid
The APPs require organisations to “take reasonable steps to implement practices, procedures and systems that ensure compliance with the APPs”. Putting your mind to privacy after a data breach or complaint is very much shutting the stable door after Phar Lap has bolted (good luck getting him back!)
Good privacy management starts with a good privacy culture in your organisation. Recommended steps to develop this include:
Read More
By Cameron Abbott, Rob Pulham, and Stephanie Mayhew
With the cyber threat landscape significantly evolving, we are seeing companies – large and small – experience attacks. Recent high-profile attacks have shown that these breaches are alarming, targeting a range of sectors. With millions of Australians more concerned about their privacy than ever before, the federal government is making privacy a priority with the Attorney-General’s Department recently releasing 116 recommendations to amend the Privacy Act. The federal government has also made proposals to consider a new Cyber Security Act and strengthen existing laws around this space.
Read More
By Cameron Abbott, Rob Pulham, and Stephanie Mayhew
The theme of this year’s Privacy Awareness Week (PAW) is “back to basics”. It’s fitting to consider some lessons arising from recent high-profile breaches affecting millions of Australians, and the consistent messages we’ve been hearing from the Australian Information Commissioner in the midst of those incidents.
Data breaches can happen to anyone. We know cyberattacks can be big business, and sophisticated criminal networks make a good living from these. And if your organisation has taken reasonable steps to avoid or mitigate such breaches, the fact you’ve encountered one will not, of itself, be held against you.
Read More
By Cameron Abbott, Rob Pulham, Stephanie Mayhew and Dadar Ahmadi-Pirshahid
We saw last year how low hackers are willing to stoop to shame companies into paying ransoms, including leaking sensitive information aimed at embarrassing individuals affected by data breaches. As a result we also saw prominent calls for ransom payments to be ‘banned’, to reduce the financial incentives for hackers to target Australians’ personal information.
We are now hearing the flipside to that argument, with AGL Energy warning that a government-imposed ban on companies paying cyber ransoms to hackers could cause “catastrophic damage”.
Read More
By Amigo L. Xie
2023 is destined to be a big year for the hottest issues of the China Personal Information Protection Law (PIPL) for MNCs doing business in or with China especially in the areas of: cross-border personal data transfers, localization, compliance, and enforcement.
It is worth noting the following milestones in your timeline for China data privacy compliance in 2023:
Read More
By Cameron Abbott, Rob Pulham and Dadar Ahmadi-Pirshahid
Not content with merely implementing broad-scale privacy reform, the Government has announced a new position, the Coordinator for Cyber Security to be added to the Department of Home Affairs as a step towards their aim of “making Australia the most cyber secure nation by 2030“. This would seem to be a rather aspirational target!
The Coordinator will be supported by a National Office for Cyber Security, and their role will be to oversee steps to prevent future cyber security incidents and to help manage cyber incidents as they occur.
Read More
By Cameron Abbott, Rob Pulham and Stephanie Mayhew
The section of the Report dealing with the employee records exemption highlighted significant debate and difference of opinion. Employers expressed a strong desire to retain or even strengthen the exemption; employee representatives consider reform is needed.
In that context the Report does not conclude how the changes should take effect, but proposals 7.1(a)-7.1(d) recommend stronger protection of private sector employee information, to:
What does this mean for my organisation?
Private sector employers who don’t yet have a good grasp of the breadth of information they collect and hold about their employees will need to stocktake their collection activities and sharpen their focus on why they collect such information; prepare appropriate collection notices and employee privacy policies (if not used already); and ensure employee information is appropriately covered in their security measures and considered in their data breach response plans.
Read More
By Cameron Abbott, Rob Pulham and Stephanie Mayhew
Under proposals 4.1-4.4 of the Report, changes to broaden the definition of Personal Information are on the horizon. Under the proposed amendments, the word “about” in the definition of Personal Information will be amended to “relates to”. That is – “information or an opinion that relates to an identified individual…”. This brings the definition in line with other legislative frameworks that regulate privacy and ensures consistency with the language used in the GDPR definition of ‘Personal Data’.
Amendment of the definition of ‘collection’ is also proposed to expressly cover information obtained by any means, including inferred or generated information. The Report also states that ‘reasonably identifiable’ should be supported by a non-exhaustive list of circumstances to which APP entities will be expected to have regard to in their assessment of what is ‘Personal Information’.
What does this mean for my organisation?
With such a broader interpretation, APP entities will need to have regard to a larger set of information that could fall within the definition. This will see information such as mobile location data, IP addresses, social media handles, mobile advertising IDs and other technical information more clearly fall within the definition.
Read MoreCopyright © 2024, K&L Gates LLP. All Rights Reserved.