The Australian Attorney-General’s Department has recently published the outcome of its long-awaited review of the Privacy Act 1988. This marks a significant step towards reforming the country’s privacy law to keep up with the ever-evolving digital landscape.
Michael Bovalino, ANZ Country Manager, LogRhythm
“The Privacy Act reform is a welcome update considering the amount of business digitisation that Australia has achieved in recent years. At the same time, the recent Optus and Medibank breaches have shown citizens just how data protection regulations can affect them when so much personal information is held on the basis of trust with the organisations they are transacting with.
“The reform needs to provide a clearer definition of ‘Personal Information’ and for security protections to be applied to information that has been de-identified, especially if these have the possibility to be re-identified. At the same time, with small business being 350% more likely to experience social engineering attacks, it makes sense for the legislation not only to include smaller businesses but also to provide support to these businesses to ensure that they have the time and budget to obtain the proper infrastructure and training required to comply with the reforms.
“In addition, while the reform suggests individual rights could be modelled on the EU’s GDPR, this gives Australians some ‘right to be forgotten,’ as well as more transparency and control over just how their data is being handled. In this age where a simple search exposes who you are and makes it easy to be impersonated, it’s good to have that option available. At the same time, individuals should also be wary of who they’re giving consent to.
“At the end of the day, businesses should proactively seek to comply with various data protection and cybersecurity regulations relevant to their industries. After all, recent LogRhythm research found that 67 per cent of companies have lost a deal due to their prospect’s lack of confidence in their security at a time when the OAIC is also seeking a greater mandate in relation to investigations, public inquiries and determinations. Compliance will give businesses a strategic advantage, especially when it’s not a legal requirement, as it shows the company’s commitment towards reducing risks. This, alongside the new civil penalties introduced, means that there will now be stronger enforcement.
“All up, these reforms continue to scope how businesses should protect personal data. They will ensure that Australia remains a low-risk and attractive place to conduct business in.”