In response to the increasing number of reported data breaches, governments around the world are tightening data privacy regulations and increasing penalties for organisations that do not implement appropriate safeguards to protect private and personal data. These ever-changing privacy regulations can make it challenging for organisations to understand their compliance obligations and maintain their business, technical and operational privacy processes.

In Australia, information privacy law is primarily enforced through the Privacy Act 1988 which applies to organisations with an annual turnover of greater than $3 million, government agencies, health services providers, businesses that trade in personal information and others. Several Australian states and territories also have their own privacy legislation mainly covering the public sector. Federal privacy laws including the Privacy Act are mainly enforced by the Office of the Australian Information Commissioner (OAIC). Depending on your exposure to offshore markets, your organisation may also have obligations under foreign privacy laws such as the GDPR and CCPA.

The Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022 increases the maximum penalties for serious or repeated privacy breaches  to whichever is the greater of $50 million, three times the value of any benefit obtained, or 30 per cent of a company’s adjusted turnover in the relevant period. These new, larger penalties send a clear message to organisations that they must do better to protect the data they collect.

Cybervisory can work with your organisation to navigate the  privacy regulation minefield and to understand your compliance obligations. We can perform a privacy assessment to identify your information assets (the personal data your organisation collects, stores and processes), identify any risks associated with that data, and to develop a robust data privacy strategy to protect those assets and achieve compliance. We can also assist with implementing automated systems and operational processes to manage personal data and enforce compliance requirements such as consent and retention periods. Don’t risk penalties associated with a data breach – let Cybervisory help implement your privacy framework today.