Australian Privacy Act | Data Classification

Australian Privacy Act

Supporting Australian Privacy Act Compliance

Fortra's Data Classification solutions support compliance with the Australian Privacy Act, including the Notifiable Data Breaches amendment, by:

Ensuring appropriate control of confidential or sensitive information

Classifying or labeling data with visual (and metadata) labels to highlight any special handling requirements

Alerting users when personal data is leaving the organization to warn or prevent them from sending messages that contain sensitive information

Educating users about the sensitivity of data while ensuring adherence to corporate policy

Providing critical audit information on classification events to enable remediation activity and demonstrate compliance position to regulatory authorities

Enabling rapid search and data retrieval based on classification labels to support subject access requests

Utilizing metadata labels to drive additional security controls and solutions, such as DLP, encryption, and secure collaboration

Orchestrating data management solutions, such as data retention and archiving, to ensure adherence to data storage requirements

Privacy Amendment Bill 2017 (Notifiable Data Breaches)

The Australian Government passed the Privacy Amendment (Notifiable Data Breaches) Bill 2017 on February 13, 2017. This bill started a process under which all entities covered by the Australian Privacy Principles (APPs) have clear obligations to report eligible data breaches. The big question is this: what can you do to ensure you are compliant?

This Bill introduces mandatory data breach notification provisions for agencies, organizations, and certain other entities that are regulated by the Australian Privacy Act. As of February 22, 2018, when this law came into effect, organizations that hold any kind of private personal data of Australian citizens need to make sure they are doing all they can to protect this information. Just like the GDPR, this applies not only to organizations based in Australia but to any organization globally that holds this kind of data on Australian citizens.

The main focus of this amendment is to make sure users are notified when their data has been compromised in a data breach. Organizations will need to make sure that those affected, as well as the information commissioner, are informed within 30 days of a data breach occurring.

Failure to do so can result in strict penalties: fines of up to $360,000 for individuals and $1.8 million for organizations with an annual turnover of more than $3 million. With the law now in effect, it is important for organizations to get things in order – understanding what private personal data needs to be protected, securing it, and putting resources and policies in place. The best place to start is with data classification – the first step to a truly data-centric approach to protecting personal information.

Key Changes In This Amendment

Failure to report a breach can lead to fines of up to $1.8 million for organizations or $360,000 for individuals.

Affects organizations with an annual turnover of more than $3 million.

Organizations will need to make sure that those affected, as well as the information commissioner, are informed within 30 days of a data breach occurring.

This applies not only to organizations based in Australia but to any organization globally that holds data on Australian citizens.

Learn More about Fortra's Data Classification

Find out how Fortra's flexible data classification can help drive compliance with a variety of regulations and requirements. 

If you're ready for a demo, let's talk about how we can help with your specific compliance needs.
