Advisory Services

Mandatory Data Breach Compliance

Easily conform to Technical and Business Requirements of New 2017 Legislation

In February 2017, the Senate passed the Privacy Amendment (Notifiable Data Breaches) Bill 2016, bringing Australia in line with other countries globally. These laws will take effect within 12 months, giving businesses limited time to prepare for compliance with the new legislation.

This amendment requires businesses to not only report unauthorised access to, or disclosure of, personal information, but also to investigate any suspicions of a data breach, whether or not there are reasonable grounds to believe that one has occurred. 

Summary of Australian Privacy Principle 11 (APP 11):

  • APP 11 requires an APP entity to take active measures to ensure the security of personal information it holds, and to actively consider whether it is permitted to retain personal information
  • An APP entity that holds personal information must take reasonable steps to protect the information from misuse, interference and loss, as well as unauthorised access, modification or disclosure
  • An APP entity must take reasonable steps to destroy or de-identify the personal information it holds once the personal information is no longer needed for any purpose for which the personal information may be used or disclosed under the APPs

Contact us today to book a consultation

How Content Security Can Help

  • Document the PII flow within your organisation
  • Understand the effectiveness of the security controls currently in place
  • Define a roadmap to improve the effectiveness and efficiency of your security controls
  • Help management demonstrate commitment to protecting personal information
  • Quantify the level of risk to management and the board
