Sense of Security is one of Australia’s most trusted providers of cyber resilience, information security and risk management services.
The Commonwealth Privacy Act 1988 defines how your business should handle and manage any personal information about your employees, customers and anyone else who has entrusted you with private information. It includes 13 Privacy Principles and the Notifiable Data Breaches (NDB) scheme, and is supported by similar state privacy acts.
The Act and Principles apply to organisations with an annual turnover above $3 million and to all government agencies, health sector providers and small businesses.
Private information is identifying information such as people's names, addresses, positions, medical and bank records, telephone numbers and other contact details. It also includes any opinions they may have recorded or your comments about them.
Both you and your business must comply with principles and actions defined in the Privacy Act, NDB scheme, Australian Privacy Principles and state acts. You may also have international obligations under foreign laws.
The Act and Principles include an expectation that you will have a strong cyber security framework that includes regular penetration testing, risk assessments, access control reviews and other services.
Sense of Security’s privacy experts can advise you on how to meet the requirements of the Act and Principles, your reporting obligations and how the Australian and State acts overlap.
The 13 Australian Privacy Principles (APPs) are part of the Privacy Act 1988 and meeting them will largely meet the compliance needs of international legislation as well.
The Principles cover:
The Principles are comprehensive and require you to have policies and procedures in place for information management if you are to meet them effectively.
Those procedures are similar to the policies and procedures you need for good cyber security, and in many cases, they cross over between disciplines.
There are penalties for non-compliance with the Privacy Act and the Principles. Any cyber security breach can compromise the personal information you hold and could put you in breach of the APPs.
Sense of Security's security and privacy experts hold globally recognised industry certifications for assessing risks, improving security and tightening processes. Our professionals will assess your business's level of security maturity and compliance.
Our team uses a three-stage process that includes:
The Notifiable Data Breaches (NDB) scheme is an amendment to the Commonwealth Privacy Act 1988 that requires organisations to notify affected individuals and the Office of the Australian Information Commissioner (OAIC) when any information held by the organisation is accessed without authorisation, or lost.
The scheme mandates reporting and notification that had previously been recommended as best practice by the OAIC.
For many businesses, focusing purely on local requirements is not enough. Many businesses trade internationally and must comply with European and other legal frameworks.
Other businesses use cloud servers overseas to store local information for local use.
In all of these scenarios, an understanding of the international requirements for storing and handling of information is important.
Sense of Security can work with you to navigate overseas laws regulating the collection and management of personal information, and the potential risks and rewards of using servers located overseas.