The Australian Privacy Principles (APPs) contained at Schedule 1 of the Privacy Act 1988 (Cth) (Act) requires APP Entities to destroy or deidentify personal or sensitive information (Protected Information) as soon as reasonably practicable.[1] Having a data destruction policy (DDP) in place means that everyone in the company knows what information is Protected Information, and when and how it is to be destroyed or deidentified. [Read more…]
Privacy Law
Government surveillance bill passed by Parliament
30 September 2021 by
On 25 August 2021 Federal Parliament passed the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2021 (Bill). The Bill modifies various acts, including the Surveillance Devices Act 2004 (Cth) (SDA) and the Crimes Act 1914 (Cth) (CA), to enhance the law enforcement powers of the Australian Federal Police and the Australian Criminal Intelligence Commission in respect of serious online crime.[1] The Bill introduces three (3) new warrants:
- data disruption warrants;
- network activity warrants; and
- account takeover warrants.
Ransomware Payments Bill 2021 (Cth)
23 August 2021 by
Ransomware is a type of software which maliciously denies an organisation access to their own IT systems and often threatens to release information within such a system subject to the payment of a ransom. The government believes ransomware attacks are Australia’s largest cyber threat.[1] The Ransomware Payments Bill 2021 (Cth) (Bill) intends to establish mandatory reporting requirements for all of Commonwealth entities, State or Territory agencies, corporations and partnerships who make ransomware payments pursuant to a ransomware attack. The Bill would see such organisations provide notice to the Australian Cyber Security Centre (ACSC). [Read more…]
OAIC Notifiable Data Breaches report – July 2020
26 August 2020 by
The Notifiable Data Breaches (NDB) scheme was established to improve consumer protection and promote better security standards to safeguard personal information in Australia. The NDB scheme applies to all agencies and organisations who are protected by the Privacy Act 1988 (Cth) (Act) and required to take personal steps to secure personal information.
The Australian Information Commissioner (OAIC) publishes reports on notifications received under the NDB scheme to track the leading causes and sources of data breaches, and to draw attention to potential issues and areas that entities regulated under the Act need to have ongoing awareness of. This article summarises the findings of the NDB Report for the period from 1 January to 30 June 2020. [Read more…]
Data breaches: what exactly is serious harm?
26 February 2020 by
The Notifiable Data Breaches Scheme applies to entities (APP Entities) that are required to protect personal information pursuant to the Australian Privacy Act 1988 (Cth) (Act). The Act provides that where an eligible data breach (EDB) occurs, APP Entities in control of that information must notify the Office of the Australian Information Commissioner (OAIC) and the individuals who are affected by the EDB. [Read more…]
Need a reseller agreement?
21 May 2019 by
A reseller agreement (Reseller Agreement) is a contract that entitles one party (Reseller) to sell, market, distribute, or lease a product or service of another (Supplier). Resellers Agreements are also known as distribution, supply or distributor agreements. Often the Supplier is also the manufacturer of the goods but they may be the importer, a developer of the service or a licensee of software or training programs. [Read more…]
Privacy Awareness Week 2019 – 12-18 May 2019
14 May 2019 by
During Privacy Awareness week 2019 Australian businesses are reminded they are entrusted with certain responsibilities pursuant to the Privacy Act 1988 (Cth) (Privacy Act). In particular the way they collect, store and disclose the personal information of their customers. [Read more…]
Abhorrent violent material prohibited
12 April 2019 by
The Australian Parliament has promptly passed the Criminal Code Amendment (Sharing of Abhorrent Violent Material) Act 2019 (Cth) (Act) according to the Explanatory Memorandum in response to the events of the March 2019 mass shooting in Christchurch, New Zealand. The Act creates various new sections of the Criminal Code Act 1995 (Cth)(Criminal Code) and in particular section 474.33 and 474.34 creates (2) new offences in relation to “internet service providers, content service providers and hosting service providers” (Service Providers) as follows: [Read more…]
De-encryption laws to make tech giants cooperate with law enforcement
20 July 2018 by
Updated 4 October 2018 – see De-encryption De-encryption Bill currently before Joint Committee
According to the ABC website, in the next few weeks Cyber Security Minister Angus Taylor is poised to present new legislation which once passed will require technology companies and multinationals to assist law enforcement to access encrypted data of “suspected criminals and terrorists”. Currently, the bill is not yet before parliament but should appear on its website once officially announced.
In February, the government has indicated its plans to tackle criminal use of encryption with the Honourable Peter Dutton MP stating in an address to the National Press Club:
“Law enforcement access to encrypted communications should be on the same basis as telephone and other intercepts,
in which companies provide vital and willing assistance in response to court orders.” [Read more…]
EU General Data Protection Regulations (GDPR) – How to comply
25 May 2018 by
Similar to the Australian Privacy Principles (APP) as set out in the Australian Privacy Act 1988 (Cth) (Privacy Act), the General Data Protection Regulation (GDPR) ‘lays down rules relating to the protection of natural persons and the processing of their personal data.’ The GDPR came into force on 24 May 2016 and became binding on all European Union (EU) member states on 25 May 2018. [Read more…]
