Australian Privacy Act

What is the Australian Privacy Act

Privacy laws are front and centre for most countries in 2022, and Australia is no exception. The Australian Privacy Act addresses the management and handling of personal data. It applies to any organisation that holds data on Australian citizens, irrespective of where it is located. The penalty for non-compliance with this regulation is severe, with fines of up to $1.8million. That's to say nothing of the long-term damage to reputation. How can organisations ensure they are compliant?

It's a significant challenge, because the Australian Privacy Act is constantly evolving. Following a major round of amendments in 2014, the Privacy Amendment (Notifiable Data Breaches) Bill 2017 meant that all entities covered by the Australian Privacy Principles (APPs) now have clear obligations to report eligible data breaches.

pointing at checklist

Organisations must be aware of any changes that may occur due to these consultations. For now, though, the focus is to notify users when their data has been compromised in a data breach. Organisations will need to inform those affected and the information commissioner within 30 days of a data breach occurring.

The first step should always be to understand what private personal data needs to be protected before putting the right resources and policies in place. This should involve data classification, which enables a data-centric approach to protecting personal information.

Key Current Requirements

Failure to report a breach can lead to fines of up to $1.8 million for organizations or $360,000 for individuals.

Organizations will need to make sure that those affected, as well as the information commissioner, are informed within 30 days of a data breach occurring.

The act is not just applicable to organisations based in Australia, but to any organisation globally that holds data on Australian citizens.

Affects organizations with an annual turnover of more than $3 million.

The First Steps When Securing Your Sensitive Data

Protect Sensitive Files

The first step in using a data classification approach to achieving compliance, is to understand all the personal or sensitive data you hold and the potential risks to its security. You will need to ask the following:

  • What data do you hold on Australian citizens?
  • What data is being collected, and from where?
  • Where is that data being stored and processed?
  • Why do you have it?
  • How sensitive is it?
  • How is it accessed, used, or shared?

The data must then be classified or tagged according to its sensitivity. Once you have singled out the most confidential information, you can determine what higher-grade controls need to be applied to ensure it is adequately protected

Fortra’s Data Classification can help you comply with Australian Privacy Act

Fortra's Data Classification solutions support compliance with the Australian Privacy Act including this amendment by:

Fortra's Classifier Suite, can also help support Australian Privacy Act compliance:

How can Fortra's Classifier Suite Help?


Market-leading data classification from Fortra's Classifier Suite supports compliance with regulations by:

  • Ensuring appropriate control of confidential or sensitive information.
  • Classifying or labelling data with visual (and metadata) labels to highlight any special handling requirements.
  • Alerting users when personal data leaves the organization to warn or prevent them from sending messages that contain sensitive information. 
  • Educating users about the sensitivity of data whilst ensuring adherence to corporate policy.
  • Providing critical audit information on classification events to enable remediation activity and demonstrate compliance position to regulatory authorities. 
  • Enabling rapid search and data retrieval based on classification labels to support subject access requests. 
  • Utilizing metadata labels to drive additional security controls and solutions, such as DLP, encryption, and rights management. 
  • Orchestrating data management solutions, such as data retention and archiving, to ensure adherence to data storage requirements. 

Learn More about Fortra's Data Classification

Find out how Fortra's flexible data classification can help drive compliance with a variety of regulations and requirements. 


If you're ready for a demo, let's talk about how we can help with your specific compliance needs.