
What is the Australia Privacy principle?
The “Australia Privacy principle” was passed in 1988 and is intended to protect the personal information of local residents. New regulations were added to it in 2017 in response to the numerous data breaches that took place in the region.
The legislation applies to private sector entities with an annual turnover of at least AU$3 million, and to all Commonwealth Government and Australian Capital Territory Government agencies. Organizations from various sectors, such as insurance, telecom, and healthcare, are all subject to the law and can face serious penalties if they do not comply with it.
In fact, the Privacy Commissioner and the Courts may impose fines of up to AU$420,000 for an individual and AU$2.1 million for corporations, for serious or repeated interferences with the privacy of individuals.
Requirements
Right of Access to Data / Copies of Data:
The Australian data privacy laws provide individuals the right to access their data and set out timeframes within which organizations must respond.
How SecuPi Helps:
To enforce the right to object, for any purpose, SecuPi can use any condition to avoid processing of application processes, including a parameter where a data subject requested not to be processed – thus preventing any access or manipulation of the subject’s data. SecuPi enables companies to cease processing part or all of the data about a data subject, without specialist development or specialist configuration, on any system where SecuPi is installed. Furthermore, SecuPi dramatically simplifies rollback of changes, or further tweaks to processing restrictions (e.g. preventing customer service processing, but permitting the DPO, subject rights management team, or legal team access to resolve a complaint, legal case, or subject request).
Right to Object to Processing:
The use, collection, and disclosure of personal data generally require notice and consent from data holders. “Australia Privacy Principles 2” provides individuals with the right to deal with entities anonymously.
How SecuPi Helps:
To enforce the right to object, for any purpose, SecuPi can use any condition to avoid processing of application processes, including a parameter where a data subject requested not to be processed – thus preventing any access or manipulation of the subject’s data. SecuPi enables companies to cease processing part or all of the data about a data subject, without specialist development or specialist configuration, on any system where SecuPi is installed. Furthermore, SecuPi dramatically simplifies rollback of changes, or further tweaks to processing restrictions (e.g. preventing customer service processing, but permitting the DPO, subject rights management team, or legal team access to resolve a complaint, legal case, or subject request).
Privacy by Design and by Default:
There is a general requirement under the “Australian Privacy Principle 11” to take reasonable steps in order to protect personal data from misuse, interference, loss, unauthorized access, modification or disclosure. Any entity that holds personal data is responsible for ensuring the security of the information.
How SecuPi Helps:
SecuPi protects all data deemed personal and private by the application owner, immediately manages access privileges, and flags anomalous behavior in data access or processing. Through full audit, data protection by design and by default are enabled: 1. Data protection by design example – any access to personal data is logged and can never be deleted. 2. Data protection by default example – SecuPi can be configured to block all access to personal data unless specifically granted to users.
Right to Withdraw Consent:
The privacy principle guidelines indicate that individuals may withdraw their consent at any time they wish. If an individual withdraws his/her consent, the organization may no longer rely on the past consent for any future use or disclosure of personal data.
How SecuPi Helps:
To enforce the right to object, for any purpose, SecuPi can use any condition to avoid processing of application processes, including a parameter where a data subject requested not to be processed – thus preventing any access or manipulation of the subject’s data. SecuPi enables companies to cease processing part or all of the data about a data subject, without specialist development or specialist configuration, on any system where SecuPi is installed. Furthermore, SecuPi dramatically simplifies rollback of changes, or further tweaks to processing restrictions (e.g. preventing customer service processing, but permitting the DPO, subject rights management team, or legal team access to resolve a complaint, legal case, or subject request).
Breach Notification:
Organizations are required to report to the OAIC, and to any affected individuals, if they reasonably believe an eligible data breach has occurred. Eligible data breaches are those that could result in serious harm to the affected individuals. If an organization suspects that a data breach has occurred, it usually has 30 days to investigate the breach.
How SecuPi Helps:
In the unfortunate case of a breach, SecuPi’s audit logs and behavior analytics can pinpoint exactly which data was exposed and breached, and significantly shorten the reporting time, while providing accurate and accountable information. SecuPi enables companies to cease processing part or all of the data about a data subject, without specialist development or specialist configuration, on any system where SecuPi is installed. Furthermore, SecuPi dramatically simplifies rollback of changes, or further tweaks to processing restrictions (e.g. preventing customer service processing, but permitting the DPO, subject rights management team, or legal team access to resolve a complaint, legal case, or subject request).