Why CIOs need to pay attention to the most significant overhaul of Australian privacy law in 40 years

1 month ago AndyC

Michael Fagan, former chief transformation officer at Village Roadshow, examines the proposed changes to the Privacy Act and what CIOs in Australia need to be aware of.

[…]

Why CIOs need to pay attention to the most significant overhaul of Australian privacy law in 40 years

Michael Fagan, former chief transformation officer at Village Roadshow, examines the proposed changes to the Privacy Act and what CIOs in Australia need to be aware of.

I received 7 unsolicited CVs and resumes in the last 12 months, from well-educated and qualified people, seeking to join the organisation where I was working.  Unbeknownst to the senders, they put me at risk of breaching one of the 13 Australian Privacy Principles (APP), despite me not really knowing these people, and never asking them for information.  The jobseekers included a varying amount of personal information, including email address, phone numbers, home address, work and education history, and more.  One applicant even included a photograph and, no lie, their weight. (Although I suppose if I only weighed 47kg I’d put it on my CV too).  By giving me this personal information, they placed an obligation on me and my organisation to use it wisely, or risk penalties up to $1.8m.

In 2024, the government has committed to strengthening privacy law, including equipping the regulator with more powers and more options to enforce – meaning that those penalties could be even harsher.  The Attorney General’s department spent three years reviewing the 1988 Privacy Act, and released a report in February 2023 outlining 116 proposals for change.  The Australian Government published its response in September 2023 agreeing to 38 proposals, “agrees in principle” to 68 proposals (i.e. further consultation required to understand impact and alignment with other reviews like Digital ID, and the Australian Cyber Security Strategy before implementation), and notes the remaining 10.  The report is availablehere, and the responsehere, and the government’s current round of consultation ends 28 March 2024.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , ,

More Stories

Dropbox adds end-to-end encryption for team folders

Dropbox adds end-to-end encryption for team folders

18 hours ago AndyC
TransUnion transforms its business model with IT

TransUnion transforms its business model with IT

21 hours ago AndyC
Android versions: A living history from 1.0 to 15

Android versions: A living history from 1.0 to 15

21 hours ago AndyC
The unspoken obnoxiousness of Google's Gemini improvements

The unspoken obnoxiousness of Google’s Gemini improvements

21 hours ago AndyC
M&A action is gaining momentum, are your cloud security leaders prepared?

M&A action is gaining momentum, are your cloud security leaders prepared?

1 day ago AndyC
CIOs eager to scale AI despite difficulty demonstrating ROI, survey finds

CIOs eager to scale AI despite difficulty demonstrating ROI, survey finds

2 days ago AndyC

You may have missed

Bogus npm Packages Used to Trick Software Developers into Installing Malware

Bogus npm Packages Used to Trick Software Developers into Installing Malware

16 mins ago AndyC

Friday Squid Blogging: Searching for the Colossal Squid

6 hours ago AndyC
Showcasing Artwork by Max for Autism Awareness Month

Showcasing Artwork by Max for Autism Awareness Month

6 hours ago AndyC

How to Remove Personal Information From Data Broker Sites

12 hours ago AndyC
Experts warn of malware campaign targeting WP-Automatic plugin

Experts warn of malware campaign targeting WP-Automatic plugin

12 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.