What is the Australian Privacy Act
Privacy laws are front and center for most countries in 2022, and Australia is no exception. The Australian Privacy Act addresses the management and handling of personal data. It applies to any organization that holds data on Australian citizens, irrespective of where the organization is located. The penalty for non-compliance with this regulation is severe, with fines of up to $1.8 million. That's to say nothing of the long-term damage to reputation. How can organizations ensure they are compliant?
It's a significant challenge, because the Australian Privacy Act is constantly evolving. Following a major round of amendments in 2014, the Privacy Amendment (Notifiable Data Breaches) Bill 2017 meant that all entities covered by the Australian Privacy Principles (APPs) now have clear obligations to report eligible data breaches.
Organizations must be aware of any changes that may occur due to these consultations. For now, though, the focus is to notify users when their data has been compromised in a data breach. Organizations will need to inform those affected and the information commissioner within 30 days of a data breach occurring.
The first step should always be to understand what private personal data needs to be protected before putting the right resources and policies in place. This should involve data protection, which enables a data-centric approach to protecting personal information.
Key Requirements
- Failure to report a breach can lead to fines of up to $1.8 million for organizations or $360,000 for individuals.
- Organizations will need to make sure that those affected, as well as the information commissioner, are informed within 30 days of a data breach occurring.
- The Act applies not just to organizations based in Australia, but to any organization globally that holds data on Australian citizens.
- Affects organizations with an annual turnover of more than $3 million.
Fortra's Digital Guardian can help you comply with the Australian Privacy Act
Fortra's Digital Guardian supports compliance with the Australian Privacy Act by:
Data Encryption
Encrypts personal information both in transit and at rest, safeguarding data from unauthorized access and breaches.
Audit and Reporting
Provides detailed audit trails and reporting capabilities, making it easier to demonstrate compliance during audits and respond to any incidents involving personal information.
Automated Policy Enforcement
Enforces data protection policies automatically, reducing the risk of accidental or intentional data misuse and ensuring ongoing compliance with the Australian Privacy Act.
Incident Response Support
Enables quick detection and response to data breaches, helping to meet mandatory breach notification requirements under the Act.