data destruction

What should APP Entities include in a data destruction policy?

The Australian Privacy Principles (APPs) contained at Schedule 1 of the Privacy Act 1988 (Cth) (Act) requires APP Entities to destroy or deidentify personal or sensitive information (Protected Information) as soon as reasonably practicable.[1]  Having a data destruction policy (DDP) in place means that everyone in the company knows what information is Protected Information, and when and how it is to be destroyed or deidentified. [Read more…]

Ransomware Payments Bill 2021 (Cth)

Ransomware is a type of software which maliciously denies an organisation access to their own IT systems and often threatens to release information within such a system subject to the payment of a ransom.  The government believes ransomware attacks are Australia’s largest cyber threat.[1]  The Ransomware Payments Bill 2021 (Cth) (Bill) intends to establish mandatory reporting requirements for all of Commonwealth entities, State or Territory agencies, corporations and partnerships who make ransomware payments pursuant to a ransomware attack.  The Bill would see such organisations provide notice to the Australian Cyber Security Centre (ACSC). [Read more…]

Send this to a friend