The Australian Privacy Principles (APPs) contained at Schedule 1 of the Privacy Act 1988 (Cth) (Act) require APP Entities to destroy or deidentify personal or sensitive information (Protected Information) as soon as reasonably practicable.[1] Having a data destruction policy (DDP) in place means that everyone in the company knows what information is Protected Information, and when and how it is to be destroyed or deidentified.
Privacy Law
Government surveillance bill passed by Parliament
On 25 August 2021 Federal Parliament passed the Surveillance Legislation Amendment (Identify and Disrupt) Bill 2021 (Bill). The Bill modifies various acts, including the Surveillance Devices Act 2004 (Cth) (SDA) and the Crimes Act 1914 (Cth) (CA), to enhance the law enforcement powers of the Australian Federal Police and the Australian Criminal Intelligence Commission in respect of serious online crime.[1] The Bill introduces three (3) new warrants:
- data disruption warrants;
- network activity warrants; and
- account takeover warrants.
OAIC Notifiable Data Breaches report – July 2020
The Notifiable Data Breaches (NDB) scheme was established to improve consumer protection and promote better security standards to safeguard personal information in Australia. The NDB scheme applies to all agencies and organisations who are protected by the Privacy Act 1988 (Cth) (Act) and required to take personal steps to secure personal information.
The Australian Information Commissioner (OAIC) publishes reports on notifications received under the NDB scheme to track the leading causes and sources of data breaches, and to draw attention to potential issues and areas that entities regulated under the Act need to have ongoing awareness of. This article summarises the findings of the NDB Report for the period from 1 January to 30 June 2020.
Data breaches: what exactly is serious harm?
The Notifiable Data Breaches Scheme applies to entities (APP Entities) that are required to protect personal information pursuant to the Australian Privacy Act 1988 (Cth) (Act). The Act provides that where an eligible data breach (EDB) occurs, APP Entities in control of that information must notify the Office of the Australian Information Commissioner (OAIC) and the individuals who are affected by the EDB.
Need a reseller agreement?
A reseller agreement (Reseller Agreement) is a contract that entitles one party (Reseller) to sell, market, distribute, or lease a product or service of another (Supplier). Reseller Agreements are also known as distribution, supply or distributor agreements. Often the Supplier is also the manufacturer of the goods, but they may be the importer, a developer of the service or a licensee of software or training programs.
Privacy Awareness Week 2019 – 12-18 May 2019
During Privacy Awareness Week 2019, Australian businesses are reminded that they are entrusted with certain responsibilities pursuant to the Privacy Act 1988 (Cth) (Privacy Act), in particular in the way they collect, store and disclose the personal information of their customers.
De-encryption laws to make tech giants cooperate with law enforcement
Updated 4 October 2018 – see De-encryption Bill currently before Joint Committee
According to the ABC website, in the next few weeks Cyber Security Minister Angus Taylor is poised to present new legislation which, once passed, will require technology companies and multinationals to assist law enforcement to access encrypted data of “suspected criminals and terrorists”. The bill is not yet before parliament but should appear on its website once officially announced.
In February, the government indicated its plans to tackle criminal use of encryption, with the Honourable Peter Dutton MP stating in an address to the National Press Club:
“Law enforcement access to encrypted communications should be on the same basis as telephone and other intercepts, in which companies provide vital and willing assistance in response to court orders.”
EU General Data Protection Regulations (GDPR) – How to comply
Similar to the Australian Privacy Principles (APP) as set out in the Australian Privacy Act 1988 (Cth) (Privacy Act), the General Data Protection Regulation (GDPR) ‘lays down rules relating to the protection of natural persons and the processing of their personal data.’ The GDPR came into force on 24 May 2016 and became binding on all European Union (EU) member states on 25 May 2018.