Supporting Australian Privacy Act Compliance
Fortra's Data Classification solutions support compliance with the Australian Privacy Act, including this amendment, by:
Privacy Amendment Bill 2017 (Notifiable Data Breaches)
The Australian Government passed the Privacy Amendment (Notifiable Data Breaches) Bill 2017 on February 13, 2017. The resulting Act gives every entity covered by the Australian Privacy Principles (APPs) a clear obligation to report eligible data breaches. The big question is this: what can you do to ensure you are compliant?
The Act introduces mandatory data breach notification provisions for agencies, organizations, and certain other entities regulated by the Australian Privacy Act. The scheme came into effect on February 22, 2018, so any organization that holds personal information about Australian individuals now needs to make sure it is doing all it can to protect that information. As with the GDPR, the obligations are not limited to organizations based in Australia: any organization worldwide that holds this kind of data on Australians and has an Australian link (for example, because it carries on business in Australia) is covered.
The main focus of the amendment is to make sure individuals are notified when their personal information has been compromised in a data breach. Where an entity suspects a breach has occurred, it must assess within 30 days whether the breach is an eligible data breach, that is, one likely to result in serious harm to any of the individuals affected. If it is, the entity must notify both the affected individuals and the Office of the Australian Information Commissioner (OAIC) as soon as practicable; the 30-day limit applies to the assessment of a suspected breach, not to the notification itself.
Failure to do so can result in strict penalties: fines of up to $360,000 for individuals and up to $1.8 million for organizations. With the law now in effect, it is important for organizations to get things in order: understanding what personal information needs to be protected, securing it, and putting resources and policies in place. The best place to start is with data classification, the first step to a truly data-centric approach to protecting personal information.
Key Changes In This Amendment
Failure to report an eligible data breach can lead to fines of up to $1.8 million for organizations or $360,000 for individuals.
Applies to organizations with an annual turnover of more than $3 million, as well as Australian Government agencies and certain smaller entities (such as private health service providers) that are otherwise covered by the Privacy Act.
Affected individuals and the Office of the Australian Information Commissioner (OAIC) must be notified as soon as practicable once an eligible data breach is identified; the assessment of a suspected breach must be completed within 30 days.
Not limited to organizations based in Australia: any organization worldwide with an Australian link that holds personal information about Australians is covered.