The protection of information by universities has come under focus in recent years as a number of Australian universities have been subject to cybersecurity attacks. These attacks highlight the risks of data breaches and the potential impact on students, staff, and research participants. This led to the Office of the […]
Privacy - Australia and NZ
Protection of Personal Data in Universities Report
Victoria’s Information Commissioner recently released a report following an examination of the privacy policies and procedures in eight Victorian universities. The report found that many universities don’t have clear policies to guide staff to destroy personal information when it is no longer needed. While Universities are prioritising ICT and cybersecurity risks, in […]
NZ OPC’s interactive tools for international personal data transfers
The Office of the Privacy Commissioner has created two new interactive online tools to help organisations and businesses understand what they need to do if they are sending New Zealanders’ personal information overseas to comply with the new principle 12. The Principle 12 Decision Tree – is designed to help organisations, especially SMEs, easily […]
APAC Privacy Law Update: Cross Border Transfers
With a range of new regulations, tools and projects underway, Information Governance ANZ were pleased to host a virtual forum with updates on the latest data privacy developments across the Asia Pacific region. This interactive session was facilitated by Susan Bennett, Founder of InfoGovANZ and our special guests included: NZ […]
Information Security Risk Management Practitioner Guide – OVIC
The Office of the Victorian Information Commissioner (OVIC) issues security guides to support the Victorian Protective Data Security Standards (VPDSS). This document provides organisations with guidance on security risk management fundamentals to enable them to undertake a Security Risk Profile Assessment (SRPA) as required under s89 of the Privacy and […]
OAIC Privacy Assessment tool
OAIC launched a new Privacy Impact Assessment Tool (DOCX), which helps you conduct a PIA, report its findings and respond to recommendations. Accompanying the Guide to undertaking privacy impact assessments, entities are encouraged to take a flexible approach and adapt this tool to suit the size, complexity and risk level […]
Active Navigation – Equifax Case Study
Following the highly publicised Equifax data breach in 2017, Active Navigation’s software was deployed into a complex tech stack and worked to identify, classify and protect sensitive data assets.
While IG, Legal, Risk and eDiscovery practitioners understand the need to minimise data in accordance with justifiable disposition of data and records, privacy regulations are now also drivers for organisations to review the personal information they are collecting. GDPR’s principle of data minimisation is making organisations rethink what constitutes acceptable data use. Australian Privacy Principle 11.3 requires an APP entity to take reasonable steps to destroy or de-identify personal information that is no longer needed for any purpose for which the personal information may be use or disclosed under the APPs.
You can read more about how Equifax is using Active Navigation’s software, Discovery Center, to identify and delete unnecessary records, which proactively reduces overall data surface footprint and facilitates data privacy compliance.
Big Data, Privacy and Information Governance: Incorporating an Ethical Based Assessment
As the law lags behind in rapid technology innovations, particularly in big data, artificial intelligence (AI), machine-learning and the Internet of Things (IoT), there is increasing awareness and discussion about the need for an ethical based approach to data analytics. This article considers why an ethical based approach can […]
Are You Prepared for a Data Breach Crisis?
Your company is entrusted with sensitive, personal data – that of your employees, customers, investors, and others. These individuals trust that you are protecting their privacy and managing that information to their expected standards. This trust is critical to the long-term success of your company. The question is: when a […]
Australia’s Notifiable Data Breaches Scheme
Australia’s Notifiable Data Breaches (NDB) scheme came into effect from 22 February 2018. This article explains what a Notifiable Data Breach is and when to notify the Australian Information Commissioner and individuals whose personal information has been subject to a data breach likely to result in serious harm. Importantly, organisations […]
GDPR: Change to European privacy laws and its impact on Australian businesses
The European’s Union General Data Protection Regulation (GDPR) imposes significant change to privacy laws in Europe and will apply and be enforced from 25 May 2018. Organisations that fail to comply with the GDPR face heavy fines up to €20 million or up to 4% of global annual turnover, […]
