Data Breach Notification in Australia

Course Description

This 2 hour on-line session provides an overview of the Australian data breach notification obligations, introduced by the Privacy Amendment (Notifiable Data Breaches) Bill , and which became effective in February 2018.  The new data breach laws will be reviewed in detail as will other obligations to notify of unauthorised access to or disclosure of information, applicable to Australian organisations. The session includes practical suggestions on establishing capability to comply with the mandatory data breach notification requirements which are now part of Australia’s privacy laws.

Privacy Impact Assessment Workshop

Course Description

This 1/2 day hands-on workshop helps participants understand how to prepare for and carry out a privacy impact assessment (PIA) in their own organisations. 

A privacy impact assessment represents an innovative approach to managing the risks associated with privacy practices at an early stage of developing new products or services or making significant changes to business operations.  This course covers both the theory behind PIAs as well as offering participants practical experience in completing a PIA through the hands-on exercise.

The importance of PIA is recognised in Australia’s Privacy Act which gives the Australian Privacy Commissioner the power to direct government agencies to undertake a PIA. The Commissioner recommends that all organisations consider undertaking a PIA as part of their obligations to secure personal information and ensure compliance with their Privacy Act obligations. PIAs are also an important part of the Privacy Commissioner’s recommended Privacy Management Framework.

This workshop commences with an overview of relevant provisions of the Privacy Act 1988 (Cth).  It then provides a general outline of the PIA process, before focusing on the following key stages of a PIA in detail:

  • Project description: describe the project
  • Data Flow Mapping: describe and map the flows of personal information (internally and external to the organisation) and document relevant legislative and organisational rules.
  • Privacy impact analysis: analyse impacts on privacy.
  • Privacy management: consider alternative options that may improve privacy outcomes.
  • Recommendations & Report: produce a final report that considers the next steps for eradicating or mitigating the privacy risks.

The class will finish with a workshop based on a real life scenario, giving all attendees an opportunity to apply the theory in a practical environment.

Subscribe to RSS - Awareness