Data Breach Notification in Australia

Course Description

This 2 hour on-line session provides an overview of the Australian data breach notification obligations, introduced by the Privacy Amendment (Notifiable Data Breaches) Bill, which became effective in February 2018. The new data breach laws will be reviewed in detail, as will other obligations to notify of unauthorised access to or disclosure of information that apply to Australian organisations. The session includes practical suggestions on establishing capability to comply with the mandatory data breach notification requirements which are now part of Australia’s privacy laws.

Australian Privacy Act: Overview

Course Description

Want to know about privacy in Australia? This 2 hour on-line course provides a brief introduction to the main piece of privacy legislation in Australia, the Australian Privacy Act 1988, with a particular focus on aspects relevant to IT and information security professionals.  It will outline the structure of the Act, go through all of the Australian Privacy Principles and cover the powers available to the Australian Privacy Commissioner.
The course content is completely up-to-date, including coverage of the data breach notification amendments plus all the latest guidance, determinations and investigation reports issued by the Australian Privacy Commissioner. It is designed for those who are interested in developing an awareness rather than detailed knowledge about their privacy obligations.
 

Privacy Management Framework

Course Description

This 2 hour live on-line session focuses on the OAIC’s Privacy Management Framework and what it means for entities subject to the Privacy Act 1988 (Cth) (as updated in March 2014). In March 2015 the Office of the Australian Information Commissioner (OAIC) released guidance on a Privacy Management Framework which provides steps the OAIC expects regulated entities to take to meet their obligations under Australian Privacy Principle (APP) 1. The Privacy Management Framework guide is aimed at enabling compliance and encouraging good practice.

Privacy & Confidentiality Law For Information Security Professionals

Course Description

This course covers the law of privacy and confidentiality in Australia, with a particular focus on aspects relevant to information security professionals. It is also designed so that organisations understand the Privacy Act amendments effective 12th March 2014 and what those changes might mean for them.
It will focus on the Privacy Act 1988 (Cth) – the Commonwealth legislation that requires the protection of personal information in Australia – and will cover the following:

  • Application and exemptions
  • Definitions and key concepts e.g. “Personal Information”, “De-identification”, “Use” and “Disclosure”
  • The new Australian Privacy Principles (APPs) and changes from the old IPPs and NPPs
  • The Privacy Commissioner’s powers, including the power to seek penalties and enforceable undertakings
  • The Privacy Commissioner’s Guide to Reasonable Security
  • Consequences of breaching the Act

There will be a separate detailed consideration of Privacy Act issues raised by Cloud Computing contracts - including issues of consent and the cross border disclosure of data.
Relevant State privacy laws will also be covered.

Although focusing on Australian privacy law and the protection of confidential information, there will also be some coverage of the privacy and data protection regimes in the United States, Europe and Asia.

Privacy Impact Assessment Workshop

Course Description

This 1/2 day hands-on workshop helps participants understand how to prepare for and carry out a privacy impact assessment (PIA) in their own organisations. 

A privacy impact assessment represents an innovative approach to managing the risks associated with privacy practices at an early stage of developing new products or services or making significant changes to business operations.  This course covers both the theory behind PIAs as well as offering participants practical experience in completing a PIA through the hands-on exercise.

The importance of PIA is recognised in Australia’s Privacy Act which gives the Australian Privacy Commissioner the power to direct government agencies to undertake a PIA. The Commissioner recommends that all organisations consider undertaking a PIA as part of their obligations to secure personal information and ensure compliance with their Privacy Act obligations. PIAs are also an important part of the Privacy Commissioner’s recommended Privacy Management Framework.

This workshop commences with an overview of relevant provisions of the Privacy Act 1988 (Cth).  It then provides a general outline of the PIA process, before focusing on the following key stages of a PIA in detail:

  • Project description: describe the project
  • Data Flow Mapping: describe and map the flows of personal information (internally and external to the organisation) and document relevant legislative and organisational rules.
  • Privacy impact analysis: analyse impacts on privacy.
  • Privacy management: consider alternative options that may improve privacy outcomes.
  • Recommendations & Report: produce a final report that considers the next steps for eradicating or mitigating the privacy risks.

The class will finish with a workshop based on a real life scenario, giving all attendees an opportunity to apply the theory in a practical environment.
