The OAIC’s latest Notifiable Data Breaches Report (Jul – Dec 2023) reveals the risk for organisations that outsource the handling of personal information to third party service providers and contractors – as well as risks of retaining personal information for longer than needed. In this Update we review the OAIC’s latest findings and provide guidance on steps an organisation can take to minimise risk and harm and to protect confidential information/data.
Read more
Under Australian Privacy Law, organisations that hold Personal Information must take reasonable steps to destroy or de-identify personal information that the entity no longer needs – or face risks of incurring high penalties and reputational damage. An effective Data Retention and Destruction Policy provides an entity with a clear roadmap to ensure compliance with its obligations at law.
Read more
Major reforms are proposed to Australian privacy and data protection laws to align the laws with global standards and enhance protection. Businesses will have to start planning for the privacy law changes which are likely to be implemented within the next 12 to 18 months. This update provides an overview of the key proposed reforms and includes some steps businesses can take to get ready for the changes.
Read more
Understanding the risks and legal issues associated with using cloud based computing services is critical for risk management and protection of an organisation’s data and related intellectual property and to minimise the risk of business disruption.
Read more
The Optus data breach involving the disclosure of personal information of about 10 million Optus customers, exposes Optus to claims for compensation under the Privacy Act 1988 (Cth) and also to possible claims for breach of contract, negligence and contravention of the Australian Consumer Law.
Read more