The Australian Privacy Principles (APP) and Notifiable Data Breach laws apply to all Australian businesses with a turnover of $3m+ (plus some specific smaller businesses such as medical centres and those dealing in credit). You may have heard of “GDPR,” a similar set of regulations coming into effect this month that will affect all businesses that have an office in the EU and/or transact with European citizens. These laws define how businesses must handle, use and protect personal information.
In this week’s webchat, 1300 Web Pro Directors James and Brendan explain the Australian Privacy Principles, Notifiable Data Breaches and GDPR privacy and data security laws. Find out whether these laws apply to you and why they are important. Regardless of the type of business or not-for-profit you run, you must ensure you are up to date on this legislation.
AUSTRALIAN PRIVACY PRINCIPLES
The Australian Privacy Principles (APP) are a set of rules that many organisations in Australia must comply with.
Examples of the regulations include:
- Open and transparent management of personal information
- Individuals having the option to transact anonymously
- How personal information can be used and disclosed
- Keeping personal information secure
You are subject to APP if:
- You are a not-for-profit or private-sector organisation with an annual turnover of 3 million dollars or more
- You are a Government body
- You are in specific industries such as private health services & credit reporting
To read the Australian Privacy Principles, and see who they apply to, visit the Office of the Australian Information Commissioner’s website.
NOTIFIABLE DATA BREACHES
The Notifiable Data Breach (NDB) rules define how organisations respond to data loss.
Data loss could be a “hacking” event, but it can also be as low-tech as a lost USB stick. A staff member accessing personal information without a legitimate business need can even be deemed a “breach” under the Act.
An assessment is required to determine whether harm is likely to come to the person(s) whose data was lost as a result of the breach. If the data breach is likely to result in serious harm, the Notifiable Data Breach laws require the organisation to notify the affected individuals and report the breach to the Australian Government.
If your business relies on cloud service providers (such as Microsoft Office 365, or even 1300 Web Pro hosting services), you need to consider how a breach at the service provider level could affect your organisation’s compliance with the Notifiable Data Breach laws. This is probably the most complicated aspect of compliance.
For more on the Notifiable Data Breach legislation, see the guidance published by the Office of the Australian Information Commissioner.
EUROPEAN UNION GENERAL DATA PROTECTION REGULATION (GDPR)
You may have heard the news recently that the General Data Protection Regulation (GDPR) comes into effect late this month in Europe. GDPR is similar to the Australian Privacy Principles, but with some very important differences.
GDPR applies to:
- Anyone in the EU
- Any business with a presence in the EU (such as an Australian business that has a contractor or salesperson in the EU)
- Any business that transacts with European citizens (including eCommerce stores selling into the EU)
Major differences between GDPR and the Australian Privacy Principles (APP) are:
- GDPR applies to businesses of all sizes, whereas some businesses are exempt from APP.
- GDPR has an additional requirement allowing a person to request deletion of all their historical data (e.g. to “disappear”).
- GDPR is not limited to businesses based in the EU.
- There are also differences in relation to data breach notification.
It is a common misconception that EU GDPR laws will not affect Australian businesses. It is important to seek appropriate advice now, rather than finding out your organisation is subject to GDPR after it is too late.
Fortunately, the Office of the Australian Information Commissioner has published a comparison between APP and GDPR, to help your business take a harmonised approach to privacy and data security. The comparison article is available on the Office of the Australian Information Commissioner’s website.
Did you find this information beneficial?
Do you want to speak to someone further? We are happy to share our knowledge. Call us on 1300 932 776.