Privacy Awareness Week (PAW) 2023-24

AU Energy Compliance, Compliance
What is Privacy Awareness Week (PAW)? Privacy Awareness Week is an annual event held in Australia by the Office of the Australian Information Commissioner (OAIC) to raise awareness about privacy issues and promote the importance of protecting personal information. The event is typically held in May and involves a range of activities and events, such as webinars, workshops, and social media campaigns. In 2023-24, Privacy Awareness Week is expected to focus on the importance of privacy in the digital age and the need for individuals and organisations to take proactive steps to protect personal information in online environments. What is PAW 2023-24? The upcoming PAW in 2023 will be held from Monday 1 May to Sunday 7 May. This year's theme is "Back to Basics," which emphasises the fundamental principles…
Mandatory Data Breach Reporting and Planning

AU Energy Compliance, NT Energy Compliance
Failing to plan is planning to fail when it comes to data security and breach responses. In this post, we examine the regulatory obligations of entities under the notifiable data breach (NDB) scheme. Specifically, we examine when reporting is mandatory and what the features of a broader effective response plan are. When is reporting mandatory? The NDB scheme is found in Part IIIC of the Privacy Act and requires certain businesses to notify affected individuals and the Privacy Commissioner of certain data breaches. The reporting obligation kicks in where there is an ‘eligible data breach,’ which is a data breach where: there is unauthorised access to or disclosure of personal information held by an entity (or information is lost in circumstances where unauthorised access or disclosure is likely to occur);…
Understanding GDPR: Opportunities and Risks

Consumer, Uncategorized
In this post on understanding GDPR, we'll look at the following: Data Disruption Regulation in the age of Data The GDPR Opportunity? What are the Next Steps? The post forms the commentary by our regulatory specialists on a recent webinar on understanding GDPR conducted for our clients and interested parties. Below is the video content of the webinar: Introducing Anne Wardell - Compliance Quarter Regulatory Specialist Anne is a former of the Victorian Bar with over thirty years' experience as a lawyer. She was also the National Director of Insolvency at the ATO and a Deputy Registrar of the Federal Court of Australia. She was an insolvency specialist acting for liquidators, banks and the Official Receiver, before moving into compliance and regulations. She has advised energy retailers in relation to…
A new Consumer Data Right for 2018: What we Know So Far

Consumer, Uncategorized
On 26 November the Federal Government announced its intention to legislate a national Consumer Data Right next year, following the recommendations of the Productivity Commission (which you can view here). In today’s article we look at what we currently know about this proposed data right and suggest how it relates to existing data rights and other changes proposed by the Government. By Dr Drew Donnelly, Compliance Quarter. What we know so far The Government will announce its formal response to the Productivity Commission’s Inquiry Report Data Availability and Use (PC Report) in a few weeks’ time, so this announcement is a ‘sneak peek’, with more detail to be released shortly. Nevertheless, there are a few things that we know from…
Data Protection Officer – Which Businesses Need One & What do they do?

Uncategorized
We have previously looked at the sweeping changes to privacy laws coming into effect in the EU. These laws will have an impact on a number of Australian businesses. One of the first steps towards GDPR compliance is to identify whether your business is captured under Article 37 and requires the appointment of a Data Protection Officer ('DPO'). Reading this article will give you the option of downloading our free report on DPO, written by Dr. Drew Donnelly, Compliance Quarter. Download our free report for further details on the DPO by following the instructions in the popup box. Alternatively, you can complete our FREE GDPR Readiness Questionnaire so that we can help you assess where you stand with GDPR and the work required. Our initial assessment and response is free…
OAIC Annual Report 2017: Three developments of note for businesses that deal with personal information

Uncategorized
The Office of the Australian Information Commissioner (OAIC) released its Annual Report last month. It summarises the work of the OAIC over the 2016-2017 year, and indicates areas of future focus. Today we look at three developments signalled in the Annual Report which may affect any business that deals with personal information. Ongoing implementation of the mandatory Notifiable Data Breach (NDB) regime We have talked about the Privacy Amendment (Notifiable Data Breaches) Act 2017 before (https://compliancequarter.com.au/business-prepared-roll-notifiable-data-breaches-scheme/). This new legislation establishes a mandatory Notifiable Data Breaches (NDB) scheme that will apply to federal government agencies and businesses covered by the Privacy Act 1988 (the Privacy Act)[1]. This new legislation means that from 22 February 2018, organisations covered by the Privacy Act will have to notify individuals, where there is a…
The Productivity Commission’s proposed comprehensive consumer right to data

Uncategorized
By Dr Drew Donnelly, Compliance Quarter. Over the last couple of weeks we have asked the question ‘Is your business prepared for roll out of the Notifiable Data Breaches Scheme?’; we have also discussed the impact that recent changes to European Union (EU) privacy laws may have on businesses that hold information on EU citizens. Today, we look at a proposed change to data regulation in Australia that would see individual privacy playing a more muted role in a new comprehensive consumer right to data. This right is proposed in the Productivity Commission’s Inquiry Report into Data Availability and Use. For the full 658-page report see http://www.pc.gov.au/inquiries/completed/data-access/report/data-access.pdf. Australia’s under-utilised resource The Productivity Commission (The Commission) observes that Australia is behind other countries with similar governance arrangements (such as New Zealand…
Is your business prepared for roll out of the Notifiable Data Breaches Scheme?

Uncategorized
This is our second post on the Notifiable Data Breaches Scheme. Amendments made to the Privacy Act 1988 (Cth) this year create new obligations for certain Australian business entities and organisations with respect to data breach notifications. The changes will come into effect on 22 February 2018. Will my business be affected by the Scheme? Only government agencies, companies, businesses and organisations that are ‘APP entities’ who already have obligations with respect to personal information under the Privacy Act will be affected by the Scheme. Generally speaking, this includes federal government agencies, private sector and not-for-profit organisations that have an annual turnover in excess of $3 million as well as certain businesses with an annual turnover of less than $3 million (small businesses) that handle personal information. If you…
Notifiable Data Breaches: Draft Resources Released

Uncategorized
Last Friday the Office of the Australian Information Commissioner (OAIC) released draft resources to help businesses comply with the Notifiable Data Breaches (NDB) scheme. Under the NDB scheme, organisations covered by the Privacy Act are required to notify individuals if their personal information is involved in a data breach that is likely to result in serious harm. This will be an important area of compliance for all APP entities. The resources published on Friday cover: • Entities covered by the NDB scheme • Notifying individuals about an eligible data breach • Identifying eligible data breaches • The Australian Information Commissioner’s role in the NDB scheme. This is the first in a series of posts looking at the NDB scheme. In this post, we will examine the definition of a Notifiable Data Breach based…