Privacy Act II (The Sequel) – Considerations for the Tech Sector

No ratings

Presented at AusCERT 2014 by

Pierre Tagle

Come 12 March 2014, Australia’s Privacy Amendment (Enhancing Privacy Protection) Act 2012 will take effect. The purpose of the Privacy Act is to protect individuals against the mishandling of personal information by organisations that collect, use and/or share that information. Up until now, the Privacy Act has not kept pace with the hyper interconnected world and the increasing trend of online transactions, whether for personal or for business use. Most if not all of the technologies in use today did not even exist when the original Act was implemented in 1988. The new Australian Privacy Principles (APPs) replaces the National Privacy Principles (NPP), and with it comes new considerations for industries and government alike. The APPs attempt to keep pace with the fast moving technology developments and emerging privacy issues. With the amended Privacy Act and the new APPs come with increased enforcement powers from the Privacy Commissioner. This presentation seeks to provide an overview of the implications of the amended Act on the technology sector and/or organisations with heavy reliance on the technology sector. This is meant to help organisation prepare for the increased focus on privacy compliance and the increasing scrutiny on privacy in respect of new and emerging technologies such as the Cloud, Big Data, Mobile Data, etc. For companies who have developed processes and controls deemed in line with the original Act, this presentation identifies the key areas where existing compliance programs need review. Similarly, for companies who have not considered the implications of the Privacy Act Amendments on its business processes, this presentation provides an overview on existing processes and technologies, as well as newer approaches and platforms being considered in the organisation’s business roadmap. During this presentation, the following topics will be covered: Privacy in today’s world – privacy misconceptions and more Privacy Act 2012 – The long awaited sequel APPs vs NPPs New powers for the Privacy Commissioner – A bigger stick Considerations for the Tech Sector Offshore Data – Third Party Management What to do with Big Data? When data is on the move – the Mobile App/Data environment When using the CLOUD = Cannot Locate Our User’s Data Data security – The “reasonable steps” question Approaches to simplifying privacy compliance and mitigating risks Integrating privacy compliance into the security framework – security driven compliance