fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Personal Data Protection Act Australia

personal data protection act australia
The Personal Data Protection Act Australia (Privacy Act) was introduce to protect the privacy of individual regulate how Australian Government handle personal data.

Personal Data Protection Act Australia

The Personal Data Protection Act Australia (Privacy Act) was introduced to promote and protect the privacy of individuals and to regulate how Australian Government agencies and organisations with an annual turnover of more than $3 million, and some other organisations, handle personal information.

The Personal Data Protection Act Australia includes 13 Australian Privacy Principles (APPs), which apply to some private sector organisations, as well as most Australian Government agencies. These are collectively referred to as ‘APP entities’. The personal data protection act Australia also regulates the privacy component of the consumer credit reporting system, tax file numbers, and health and medical research.

Who has rights under the personal data protection act?

The personal data protection act Australia regulates the way individuals’ personal information is handled. As an individual, the personal data protection act Australia gives you greater control over the way that your personal information is handled. The personal data protection act Australia allows you to:

  • know why your personal information is being collected, how it will be used and who it will be disclosed to
  • have the option of not identifying yourself, or of using a pseudonym in certain circumstances
  • ask for access to your personal information (including your health information)
  • stop receiving unwanted direct marketing
  • ask for your personal information that is incorrect to be corrected
  • make a complaint about an organisation or agency the personal data protection act covers, if you think they’ve mishandled your personal information

Who has responsibilities under the personal data protection act?

Australian Government agencies (and the Norfolk Island administration) and organisations with an annual turnover more than $3 million have responsibilities under the personal data protection act Australia, subject to some exceptions.

Also read: Australia – Data Protection Overview

What is an organisation?

The personal data protection act Australia defines an organization as:

  • an individual, including a sole trader (though generally, the personal data protection act Australia doesn’t apply to an individual acting in a personal capacity)
  • a body corporate
  • a partnership
  • any other unincorporated association, or
  • a trust
  • unless they’re a small business operator, registered political party, state or territory authority or a prescribed instrumentality of a state.

What small businesses are covered?

Personal data protection act cover some small business operators (organisations with an annual turnover of $3 million or less), including:

  • a private sector health service provider — an organisation that provides a health service includes:
    • a traditional health service provider, such as a private hospital, a day surgery, a medical practitioner, a pharmacist and an allied health professional
    • a complementary therapist, such as a naturopath and a chiropractor
    • a gym or weight loss clinic
    • a child care center, a private school and a private tertiary educational institution
  • a business that sells or purchases personal information
  • a credit reporting body
  • a contracted service provider for a Australian Government contract
  • an employee association registered or recognized under the Fair Work (Registered Organisations) Act 2009
  • a business that has opted-in to the personal data protection act
  • a business that is related to a business that is covered by the personal data protection act
  • a business prescribed by the personal data protection act regulation 2013

Which acts and practices are covered by the personal data protection act?

Particular acts and practices of some other small business operators are covered by the personal data protection act including:

  • activities of a reporting entity or authorized agent relating to the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 and its regulations and rules
  • acts and practices to do with the operation of a residential tenancy database
  • activities related to the conduct of a protected action ballot

The personal data protection act also covers specified persons handling your:

  • consumer credit reporting information, including a credit reporting body, a credit provider (which includes energy and water utilities and telecommunication providers) and certain other third parties
  • tax file numbers under the Tax File Number Guidelines
  • personal information contained on the Personal Property Securities Register
  • old conviction information under the Commonwealth Spent Convictions Scheme
  • My Health Record information under the My Health Records Act 2012 and individual healthcare identifiers under the Healthcare Identifiers Act 2010

Also Read: AI Auditing Framework: Draft Guidance for Organizations

Who doesn’t have responsibilities under the personal data protection act?

The personal data protection act does not cover:

  • state or territory government agencies, including a state and territory public hospital or health care facility (which is covered under state and territory legislation) except:
    • certain acts and practices related to My Health Records and individual healthcare identifiers
    • an entity prescribed by the Privacy Regulation 2013
  • an individual acting in their own capacity, including your neighbors
  • a university, other than a private university and the Australian National University
  • a public school
  • in some situations, the handling of employee records by an organisation in relation to current and former employment relationships
  • a small business operator, unless an exception applies (see above)
  • a media organisation acting in the course of journalism if the organisation is publicly committed to observing published privacy standards
  • registered political parties and political representatives

Privacy laws applying to ACT public sector agencies

The Information personal data protection act 2014 (ACT) applies to Australian Capital Territory (ACT) public sector agencies.

The Information personal data protection act includes a set of Territory Privacy Principles (TPPs) that cover the collection, use, disclosure, storage, access to, and correction of, personal information. The TPPs are similar to the Australian Privacy Principles.

The Australian Privacy Commissioner is exercising some of the ACT Information Privacy Commissioner’s functions. These responsibilities include investigating privacy complaints about ACT public sector agencies, and receiving data breach notifications from ACT public sector agencies.

Also read: Australia: Data Protection 2019

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us