Navigating Australia’s data privacy landscape in 2024

As of September 2023 the Australian Government had agreed to 38 of 116 recommendations, which will now be drafted into the Privacy Act in 2024.

Protegrity can help your organisation comply with these upcoming changes.

TALK TO US

Learn how to comply with the Proposed Australian Privacy Act 2024

Talk with an expert to help prepare your organisation for regulatory privacy compliance.

RECOMMENDED CHANGES THAT HAVE BEEN AGREED ‘IN PRINCIPLE’ (and therefore are still being considered)

• The Right to be Forgotten, and other individual rights for
Australians, including requesting an explanation of what
has been done with their personal data and from where it
was sourced; objecting to information handling practices;
erasure of personal information.
• A ‘fair and reasonable’ test for data collection.
• Organisations may need to state maximum or minimum data
retention periods.
• The OAIC may require notification of data breaches within 72
hours.
• A ‘fair and reasonable’ test for data collection.
• Organisations may need to state maximum or minimum data
retention periods.

KEY AGREED TO CHANGES

• Clarification of definitions including ‘de-identification’ and ‘disclosure’.
• Alignment with GDPR on using the terms ‘controllers’ and‘ processors’ of personal data.
• Removal of the 1988 Privacy Act’s SMB exemption but only if they are utilising biometric information or trading personal
data.
• Organisations must take ‘reasonable’ steps to protect personal data, with the OAIC due to provide further guidance.
Streamlining of data breach reporting processes

Four Data Privacy Implementation Considerations in 2024

01
DATA PRIVACY IS AN ORGANISATION’S RESPONSIBILITY

The protection of individuals’ data held by your business is now considered 100% your responsibility. This means data privacy should be seen as a business priority, and many of the Data Privacy Review’s ‘agreed in principle’ recommendations are worth adopting now.

02
DATA PRIVACY UNDERPINS CYBER SECURITY

Data breaches are what keep board leaders awake at night, but data privacy technology can reduce the usefulness of any data to cybercriminals even if it is leaked.

03
TAME THE ‘UNTAMABLE BEAST’

Enterprise IT stacks are sprawling and unwieldy, with credentials and access points often living in silos. Effective data privacy starts by gaining visibility into the whole environment, then centralising and streamlining control of it.

04
PROACTIVE DATA MANAGEMENT WILL DRIVE BUSINESS VALUE

Data shouldn’t be seen as a burden, but as a key asset for an organisation. Protecting data, specially as it flows between countries and partners, should be a given so that businesses can focus on leveraging this data to achieve a competitive edge.

Australia’s data breach problem in numbers

What does this mean for your organisation?

Responsibility for privacy is shifting from the individual, and organisations will be expected to comply. We recommend business leaders bear in mind three golden rules, which will help future proof their organisations from upcoming changes:

Organisations need to show regulators, customers and other stakeholders that they are taking serious steps to protect sensitive data, both through privacy principles and processes, and cyber maturity.

Organisations will be expected to explain how and why they collect the data they store, who has access, what it is used for, and if it can be deleted if requested. This means, at the very least, having a complete picture of data files and repositories.

Business leaders and organisations are being held to task by the government, via fines stipulated in the Privacy Act, while regulators like ASIC have already started making examples of companies that are not up to scratch.

By 2024, modern privacy regulation will blanket the majority of consumer data, but less than 10% of organizations will have successfully weaponized privacy as a competitive advantage.

Gartner

Australia Data Privacy Landscape Resources

1/2
More Protegrity Resources