In February 2017, the Senate passed the Privacy Amendment (Notifiable Data Breaches) Bill 2016, bringing Australia in line with other countries globally. These laws are in effect, meaning businesses need to be aware of their compliance obligations under the new legislation.
This amendment requires businesses to not only report unauthorised access to, or disclosure of, personal information, but also to investigate any suspicions of a data breach, whether or not there are reasonable grounds to believe that one has occurred.
APP 11 requires an APP entity to take active measures to ensure the security of personal information it holds, and to actively consider whether it is permitted to retain personal information.
An APP entity that holds personal information must take reasonable steps to protect the information from misuse, interference and loss, as well as unauthorised access, modification or disclosure.
An APP entity must take reasonable steps to destroy or de-identify the personal information it holds once the personal information is no longer needed for any purpose for which the personal information may be used or disclosed under the APPs.
To minimise business and reputational risk, it’s important that your current procedures, controls and processes are in line with security standards. Content Security can: