Australian Privacy Act

Supporting Australian Privacy Act
Compliance

Boldon James Classifier, the market leading data classification product, supports compliance with the Australian Privacy Act including this amendment by:

Ensuring appropriate control
of confidential or sensitive information

Classifying or labelling data with visual (and metadata) labels to highlight any special handling requirements

Alerting users when personal data is leaving the organisation to warn or prevent them from sending messages that contain sensitive information

Educating users about the sensitivity of data whilst ensuring adherence to corporate policy

Providing critical audit information on classification events to enable remediation activity and demonstrate compliance position to regulatory authorities

Enabling rapid search and data retrieval based on classification labels to support subject access requests

Utilising metadata labels to drive additional security controls and solutions, such as DLP, encryption and rights management

Orchestrating data management solutions, such as data retention and archiving, to ensure adherence to data storage requirements

Fact Sheet:
Australian Privacy Amendment

Whitepaper:
5 Steps To Effective
Data Protection

Privacy Amendment Bill 2017
(Notifiable Data Breaches)

The Australian Government have recently passed a new privacy amendment – the Privacy Amendment (Notifiable Data Breaches) Bill 2017 on the 13th February 2017 – which started a process that meant as of 22nd February 2018, all entities covered by the Australian Privacy Principles (APPs) will have clear obligations to report eligible data breaches. The big question is what can you do to ensure you are compliant?

This Bill introduces mandatory data breach notification provisions for agencies, organisations and certain other entities that are regulated by the Australian Privacy Act. As of the 22nd February 2018, when this law came into effect, organisations who hold any kind of private personal data of Australian citizens need to make sure they are doing all they can to protect this information. Just like the GDPR, this is not just applicable for organisations based in Australia, but rather for any organisation globally who holds this kind of data on Australian citizens.

The main focus of this amendment is to make sure users are notified when their data has been compromised in a data breach. Organisations will need to make sure that those affected, as well as the information commissioner, are informed within 30 days of a data breach occurring.

Failure to do so can result in strict penalties; fines will be up to $360,000 for individuals, and $1.8 million for organisations with an annual turnover more than $3 million. With the law now in effect, it is important for organisations to get things in order – understanding what private personal data needs to be protected, securing it, and putting resources and policies in place. The best place to start is with data classification – the first step to a truly data-centric approach to protecting personal information.

Key Changes
In This Amendment

Failure to report a breach can lead to fines of up to $1.8million for organisations or $360,000 for individuals
Affects Organisations with an annual turnover of more than $3 million
Organisations will need to make sure that those affected, as well as the information commissioner, are informed within 30 days of a data breach occurring.
This is not just applicable for organisations based in Australia, but rather for any organisation globally who holds data on Australian citizens.

Why choose
Boldon James

With unrivalled customer service and best-of-breed data protection and governance solutions,
we are helping many of the world’s most successful organisations take control of their business data.
Everyday, our customers enjoy more effective, secure and streamlined operations -
protecting their business critical information and reducing risk.