25 February 2019
The last year has seen huge changes in the privacy and data protection landscape, some that were foreseeable and some that may have caught businesses and individuals by surprise.
The introduction of the Notifiable Data Breach scheme last February caused many companies to review their preparedness for a breach, and also created a huge workload for the regulator, the Office of the Australian Information Commissioner (OAIC).
The quarterly reports issued by the OAIC on notified breaches make instructive reading and tell a story of two streams – cyber security risk and human error.
This suggests companies need as much investment in technology as they do in their people, which is an ongoing issue as people move, change and need constant training.
The advent of the European Union General Data Protection Regulation (GDPR) has seen many organisations swamped with documentation from contractual counterparties seeking to ensure their supply chain is GDPR compliant. This has caused headaches for many Australian businesses whose Privacy Act compliance was light in any event.
A recent Deloitte survey indicated that, worldwide, only three per cent of surveyed businesses thought the GDPR did not apply to them. That means 97 per cent coverage, which may have been an unexpected territorial reach.
The EU has signalled its intent to enforce the GDPR both within and beyond the EU, and the consequence is that Australian businesses cannot be complacent.
EU data supervisory authorities are also being overwhelmed with complaints from citizens, and businesses are reporting a huge increase in requests for personal information from individuals.
All of this means privacy-related issues need to take a seat at the executive team table, be actively managed and be seen to be treated seriously. How the privacy and data protection function is staffed, and who is responsible for it, is another question many businesses large and small are grappling with.
Tie this in with cyber strategies, information security, social media and the human element, and it is a significant challenge.
We will soon launch our series of national privacy roundtable events with a Sydney session on 21 March that will seek to explore some of these challenges and share peer-to-peer experience in a Chatham House rules environment.
Author: Lyn Nicholson
Lyn Nicholson, General Counsel
T: +61 2 8083 0463
Dan Pearce, Partner
T: +61 3 9321 9840
Trent Taylor, Partner
T: +61 7 3135 0668