A Brief Guide to the ICT Security Controls Required by the Australian Privacy Principles
The Privacy Amendment Act 2012 has passed through the Australian Parliament and took effect on 12 March 2014. The new legislation introduces significant obligations for the protection of Personal Information held by Australian organisations, and material financial penalties of $1.7mil for all Australian organisations with revenues greater than $3mil. Organisations that collect and/or hold Personal Information are required to comply with the Privacy Act 1988 and its Amendments.
The Privacy Amendment Act includes a set of new, harmonised privacy principles that regulate the handling of Personal Information by both Australian government agencies and businesses. One of the key aspects of the amendments involves changes to the penalties for non-compliance. The Australian Information Commissioner’s powers have been expanded under the Amending Act reforms.
The Commissioner will have the power to issue guidelines to a non-compliant entity or to vary their registered APP code by including additional requirements for compliance. Breaches of the Privacy Act will be deemed an interference with privacy and could lead to an entity being subject to investigation by the Commissioner. The Office of the Australian Information Commissioner has published a handy guide that organisations can follow to understand what ICT security measures they need to undertake.