Children’s Privacy in Australia: Risks, Laws, and Best Practices
We know changes are coming to children’s privacy in Australia. But we don’t know exactly...
We know changes are coming to children’s privacy in Australia. But we don’t know exactly...
Penalties in Europe might look relatively tame in 2024 compared to earlier years. The largest...
Late last year, our team got together to discuss the privacy happenings in 2024 and...
The Digital Personal Data Protection Act, 2023 (DPDPA) – India’s new, comprehensive privacy law -...
In November 2024, the International Association of Privacy Professionals (IAPP) published its annual Privacy Governance...
As 2024 draws to a close, our team got together to reflect on the state...
This week, Meta (Facebook) and OAIC announced they had agreed to an enforceable undertaking (EU),...
Organisation-wide privacy training should be a no-brainer: it’s in the top messages from all regulators...
The long-awaited amendments to the Australian Privacy Act were pushed through on 29 November 2024...
Combining CCTV with facial recognition technology is a new-ish technology that has slipped under the...
In 2023, Brian Hood (an Australian mayor) made headlines for what was going to be...
The privacy issues associated with the use of cookies in Australia has arguably been unclear...
In October 2024, Australia’s OAIC released updated privacy guidance for charities and other not-for-profit organisations. This...
You’ve worked there before. The company where you get cupcakes every time it’s someone’s birthday,...
This month the OAIC released 2 new guides on artificial intelligence (AI) for organisations for...
The last ten days of September were tough for Australia’s largest medical imaging provider, I-MED....
Earlier this year, the European Union enacted the world’s first AI Act – and the...
Draft new cyber security bills were released this month. The purpose of the new laws...
The January to June 2024 Data Breach Report from the Office of the Australian Information...
After nearly five years of discussion, the much-anticipated Privacy Act changes were introduced into Parliament...
We are thrilled to announce that Privacy 108 has achieved ISO 27001 certification, a prestigious...
Human error data breaches through email are extremely common. The convenience, familiarity, and relative informality...
We all know about hoarders – but what about data hoarders? Is it a ‘thing’...
Cal Newport’s book Digital Minimalism discusses the benefits of focusing on a small number of...
Employee records of current or former private sector employees are exempt from the Australian Privacy...
On July 19, 2024, we saw a major global IT outage caused by a faulty...
Understanding and managing your data is becoming a fundamental piece of any privacy compliance program....
The last few years have seen a shift from data being the new oil to...
The CIPP/E certification is becoming increasingly popular. It is a great way to demonstrate your...
Data brokers play a significant (and extremely personal information-intensive) role in Australia’s business ecosystem. However,...
The Australian Communication and Media Authority (ACMA) recently announced its 2024-2025 enforcement priorities and plans...
Our report on privacy jobs advertised in Australia between January and March 2024 is now available....
Cyber security is a key concern for almost every board member. But how best should...
ISO 29100 Privacy Framework is a standard all privacy practitioners should be aware of. Substantially...
There are privacy-related ISO standards, old and new, that can help in developing and improving...
In October 2022, Medibank suffered a severe breach, affecting 9.7 million people. It is alleged...
This week, headlines focused on the potential for a $21 trillion penalty against Medibank for...
If you’re taking the CIPP/E or just interested in how European and EU data protection...
Australia’s Privacy Awareness Week wrapped up on 12 May, but the components of its theme,...
We’ve analysed two determinations from the Australian Information Commissioner relating to data breach reporting and...
We have prepared this Template as an example AI impact assessment form that can be...
We’ve prepared this guide for personnel who engage in direct marketing activities, particularly those who...
Privacy 108 monitors and reports on privacy jobs advertised in Australia. We’ve tracked the number,...
What will the proposed changes to Australia’s Privacy Act mean for transparency? For Privacy Awareness Week...
For Privacy Awareness Week 2024 (from 6-12 May 2024), organisations are being asked to 'power...
The OAIC’s determination in a recent case involving Serco and the systems it used in...
Australia’s Digital ID Bill passed on Mar 28, 2024. Our new ID system is designed...
Consultation on the latest proposals for cyber security regulation in Australia has now closed. What...
Australia’s privacy law landscape doesn’t grant the same rights individuals resident in the EU and...
We recently published our comprehensive guide to managing vendor privacy risk in 2024. The 17-page ebook...
You know you need to do it, but the data minimization project is overwhelming. You...
News this week was that Medibank failed in its bid to stop the OAIC investigations...
Balancing user privacy with business growth isn't always easy. Enter Privacy UX (shorthand for ‘privacy...
The Office of the Australian Information Commissioner (OAIC) has released its latest Notifiable Data Breaches...
Australia’s privacy risk management landscape is being shaped by increasing visibility of data breaches, penalties,...
Thinking of sitting for the CIPP/E? Here are 5 good reasons to get your CIPP/E...
Things are changing quickly in cybersecurity regulation in Europe. Here’s a list of the existing...
Privacy 108 monitors and reports on privacy jobs advertised in Australia. We've tracked the number,...
Privacy Impact Assessments are a powerful and often overlooked tool. They’re a compliance requirement, in...
In case you missed them, we've compiled the most popular posts we published in 2023. #1:...
As the end of 2023 approaches (thank goodness say some!), let’s reflect on some of...
ISACA’s 2023 Privacy in Practice report included a list of the most common privacy failures...
Creating a complete data inventory is one thing – but supporting it over time is...
The Australian Securities and Investments Commission (ASIC) is ramping up its emphasis on cybersecurity with...
Privacy 108’s report on privacy jobs advertised in Australia between January and June 2023 is...
Third-party vendor management extends far beyond the initial signing of your contract. It’s an ongoing...
In February 2023, a hacker used an SMS phishing scheme on a HR employee in...
In November 2023, the Office of the Australian Information Commissioner (OAIC) announced the commencement of...
Things are changing fast in European privacy! We don’t typically see annual updates by the...
Data tagging helps businesses enhance data security, improve data governance, and better manage data and...
Queensland looks to join NSW as the only other Australian state with a mandatory data...
Earlier this year, we provided an update on the privacy reform proposals related to ‘accountability’...
Privacy 108 Founder Dr Jodie Siganto recently appeared on The Briefing to discuss the GoodSam...
Privacy for technologists is a rapidly developing field. The IAPP’s CIPT Body of Knowledge has...
Data catalogues provide a unified and searchable view of an organisation’s data and data sources....
“Every technology, including AI like ChatGPT, comes with potential risks and benefits. Balancing innovation with...
Key Findings in the OAIC’s Data Breach Report: January – June 2023 Some of the most...
Passwords are probably the most well-known account security feature that exists today. But they’re problematic....
Earlier this year, news broke about a third-party data breach that impacted the personal information...
The National Institute of Standards and Technology (NIST) Privacy Framework was developed through a collaborative...
Preparing for managing customer complaints after a privacy breach is a critical step in your...
Privacy skills are in demand. And as the demand grows and the privacy industry matures,...
Interested in what Australians think about privacy, use of AI and facial recognition and the...
Cyber insurance is not just becoming increasingly common, it is also becoming a requirement for...
2023 has brought with it a flurry of activity in terms of privacy legislation in...
Following the highly-publicised ban of TikTok on government devices, Australians are starting to pay more...
Victoria's privacy watchdog, the Office of the Victorian Information Commissioner (OVIC), released a report into how...
Cybersecurity concerns are no longer the domain of the IT department. They permeate every aspect...
While Domain I might be the most challenging domain, Domain II in the CIPP/E certification...
It’s rare for an organization to not use at least one third party – whether...
The HWL Ebsworth data breach has sent shivers down the spine of every professional consulting...
The OAIC are again investigating the Australian Federal Police over AI surveillance concerns, this time...
Regulating AI has been on the agenda globally for some time, amid growing concern over...
After three years of limbo, personal data can flow from the EU to companies in...
As the privacy industry matures, we’re seeing more privacy and security jobs seeking professionals who...
In May, hundreds of AI experts warned that AI (if left unchecked) could pose an...
In Australia, privacy protections don't apply once you're dead. What do Kylie Minogue, John Lennon, Madge...
Evaluating your privacy program helps to allocate and justify resources and budgets, align your privacy...
What do these scenarios have in common? Images of a woman sitting on a toilet...
The Organisation for Economic Co-operation and Development (OECD) published a report on privacy enhancing technologies...
ChatGPT promises to revolutionise the way we write and work. In late May, Thomson Reuters...
The IAPP announced its new course in September 2022 – Foundations of Privacy. This course...
Sending unsolicited emails, or spam, can not only damage your organisation’s reputation but also land...
This month the Commonwealth Attorney-General, Mark Dreyfus, announced that a stand-alone Australian Privacy Commissioner will...
Dark patterns is a subject close to our heart. We’ve written about them before, including: Dark...
In February 2023, the Australian Attorney-General released its Privacy Act Review Report 2022 and we...
In the spirit of Privacy Awareness Week 2023, we are sharing 3 tips to safeguard...
Privacy Awareness Week 2023 runs from May 1 to May 7. To build on this...
We’ll continue our deep dive into Australia’s Privacy Act Review report in this article. We...
Privacy Awareness Week 2023 is May 1 to 7, 2023. This year the theme is...
On 8 December 2022, the Minister for Cyber Security, the Hon. Clare O’Neil MP, announced...
We’re continuing our deep dive into the Privacy Act Review Report. You can read our...
Organisations covered by the Australian Privacy Act must provide access to the personal information the...
Privacy 108's report on privacy jobs advertised in Australia in October, November and December 2022...
Deep Dive 1: Security, data breach notification and retention In February 2023, after nearly three years...
Australian financial services provider, Latitude Financial, has announced that it has suffered a data breach...
Differential privacy is a formal mathematical definition of privacy. At its core, implementing differential privacy...
The importance of organisational data is growing each year. And today, a data management strategy...
Key Findings in the OAIC’s Data Breach Report: July – December 2022 The OAIC highlighted the...
An accurate and up-to-date data inventory is the basis of any privacy program. And with...
On 16 February 2023, the Commonwealth Attorney-General released the Privacy Act Review Report 2022. The report...
When a potential hire sends you their CV, you will likely collect their personal information....
In January 2022, Austria became the first EU country to state that the continuous use...
Around 400 parents of current and former Mount Lilydale Mercy students were recently alerted to...
The widespread information about website requirements for organisations covered by the GDPR and California Privacy...
ISO is set to launch a new privacy standard in February: ISO 31700 Privacy by...
DNA testing – should we care? You may have seen The Lost King, a fascinating film...
The recent ACCC v Google LLC decision provides useful advice. Google recently defeated an action by...
Big data offers huge benefits: it improves human life with new medical and health solutions...
TechCrunch recently released its list of the most badly handled data breaches in 2022. Surprisingly...
A free online webinar on February 8th 2023 by Dr Andelka M. Phillips - Senior...
Biometrics technologies have been developed to help employers accurately track employee attendance and hours, track...
We've compiled our top ten most-read privacy blog posts for 2022. They're listed below, starting...
Australia’s regulation of electronic surveillance has been a mess for some time. When it announced...
The OAIC’s latest reporting shows that 33% of human error data breaches in Australia are...
The OAIC’s Findings in its Data Breach Report January-June 2022 The OAIC highlighted the following key...
Call centres are hotbeds for the collection – and theft and misuse - of personal...
The CPRA (California Privacy Rights Act) is set to change the face of privacy in...
The increase in data breaches has highlighted that organisations are holding onto data, a lot...
It has been some time since we covered data flows between the EU and US....
The days of board directors delegating oversight of cybersecurity to department managers are long behind...
With Optus and Medibank data breaches affecting over 10 million Australians, many have pointed to...
Candidates with law degrees have been highly sought by employers looking to fill privacy roles...
Hot off the press - ISO 27001:2022 has been published! The much-anticipated update to ISO 27001:2013...
Biometric technologies have been making their way into schools for years. It's not uncommon for...
This week the Federal Attorney General introduced legislation to increase fines for privacy breaches, largely...
While million-dollar fines are commonplace in Europe, the $1.2million settlement following the Sephora Enforcement Action...
Email marketing can be exceptionally effective – but engaging in it is also rife with...
There has been a great deal of backlash in the wake of the Optus data...
The Optus data breach has exposed how harmful a cyber incident can be. Many are...
5 practical tips on CIPT exam prep for anyone thinking of taking the exam. Privacy 108...
Using privacy by design to bake privacy in early is becoming a must. The benefits...
Dr Jodie Siganto was one of the privacy and security experts interviewed by the ABC...
In September 2022 the Commonwealth Ombudsman reported a major spike in surveillance involving telco metadata...
Roe v Wade, the US Supreme Court case which protected the right to abortion for...
Key takeaways: Employee photos may be personal information for the purposes of the Privacy Act,...
Privacy has been in the headlines recently following the CHOICE investigation into the use of...
Email marketing is remarkably effective. In its 2021 Email Marketing ROI Statistics report Barilliance cites the average return-on-investment...
Like many countries Australia has an AI ethical framework. But how influential will it be...
The use of biometrics in Australia is increasing, in the workplace, by retailers, educational institutions...
One of the most common privacy questions is: are work email addresses considered personal information...
Small businesses[1] are largely exempt from the Australian Privacy Act 1988 (Cth) and this is...
The Office of the Australian Information Commissioner (OAIC) recently released its Notifiable Data Breaches Report: January...
Privacy engineering has emerged as a vital function for almost every business. Privacy engineers can...
Regulators around the globe have been targeting their enforcement efforts at companies that engage in...
ISO 27701 provides guidance on the protection of privacy, including how organizations should manage personal...
Privacy is an exciting field that’s attracting plenty of attention in the media. It’s an...
The Privacy 108 team has reviewed OAIC determinations published since 1 November 2010 and identified...
Data mapping is one of the most critical steps in any privacy program. Maintaining a...
Phenomenally high penalties pertaining to privacy breaches are now routinely found in news headlines. In...
Penalties have started to flow in for Clearview AI’s controversial scraping and use of the...
Rushed, imprecise and unlikely to be enforced? And most importantly, why? In November 2020, the Australian...
What is the CIPT Certification? CIPT stands for Certified Information Privacy Technologist. It’s essentially a certification...
Australian federal law enforcement agencies can now alter online data and take over on-line accounts....
In early May 2022, the Australian Federal Court released its judgement in the long-running ASIC...
Ransomware in Australia is on the rise! As a result, regulators are paying more and...
Thinking about getting the CISM? This is an easy guide to all the practical steps...
Google Trends tells us there has been a slow and steady increase in interest in...
The Woolworths Group have updated their Privacy Policy. The new policy is good but could...
In June, Swedish furniture chain IKEA was ordered to pay a fine of 1 million...
Flight Centre, Australia’s largest travel agency suffered a data breach affecting nearly 7,000 customers, as...
Today, there’s no such thing as the ‘ideal background’ for a privacy professional. Privacy is...
How can you give yourself the greatest chance of passing your CISM exam? We want...
Privacy 108’s analysis of Australian privacy jobs advertised in September 2022 is now available. Main Findings...
Privacy 108’s analysis of Australian privacy jobs advertised in June 2022 is now available. Main Findings...
Thinking of taking the iapp CIPP/E exam but not sure how to prepare or whether...
Privacy Awareness Week 2022 runs from 2-8 May. To highlight this year’s theme: Privacy –...
In 2019, we reported on three (3) Australian data breach class actions. Nearly 2 years...
5 practical tips on CIPP/E exam prep for anyone thinking of taking the exam. What is...
Australia has a patchwork of state laws that cover listening devices and the surveillance of...
Cookies, aggregated data, dark patterns, and ransomware are just a few of thousands of privacy-related...
The IAPP’s CIPP/E certification covers key privacy terminology, and the practical considerations relating to personal...
We are often asked by privacy practitioners to recommend security training to help them get...
Organisations are getting used to the extraterritorial scope of privacy laws enacted in other countries,...
Compliance with Australia’s Privacy Principles is non-negotiable for organisations covered by Australia’s privacy laws (APP...
Canada appears to be looking to update and strengthen its digital privacy with the introduction...
Queensland is updating its Information Privacy and Right to Information Framework, with a consultation paper...
The American Data Privacy and Protection Act (ADPPA) is making its way through the US...
On 30 June 2022, the Cyberspace Administration of China (CAC) released a template agreement for...
The ISACA updates the content of its curriculum and exams around every five years. The...
The frequency of ransomware attacks is rising, as is the average cost of a privacy...
Privacy is an exciting and dynamic field that is rapidly changing. While this makes it...
The Australian Competition and Consumer Commission (ACCC) has proposed a “three-pronged approach” to ensure Australia...
Thailand enacted its comprehensive privacy law on 28 May 2019. After giving covered organisations three...
Dark patterns regulation has emerged as a focus in both the US and EU over...
Laws banning dark patterns, hidden advertising, and manipulated consumer reviews became effective in the EU...
Privacy breaches and enforcement in Europe, the US, and Australia garner much media attention in...
The New SCCs require organisations to undertake a transfer impact assessment before completing a transfer...
Privacy 108’s analysis of Australian privacy jobs advertised in March 2022 is now available. Main Findings...
The penalties for sending unsolicited (or spam) marketing emails in Australia can be severe –...
We revealed in our December 2021 Privacy Jobs Report that larger organisations are increasingly implementing...
In a world where there’s no cookie cutter template to privacy, companies are hungry for...
Europe’s landmark General Data Protection Regulations (GDPR) came into effect (just over) 4 years on...
For any IAPP certification, real-world experience is an advantage – but sitting an exam is...
"Distrust is now society’s default emotion”. This is the no. 1 Takeaway from the 2022...
Many privacy and cyber security professionals across Australia were surprised by the $9.9 billion earmarked...
Under Australian law, organisations are required to notify the Office of the Australian Information Commissioner...
The Whitehouse and EU Commission announced the impending arrival of Privacy Shield 2.0 on 25...
With the rise of cyber security incidents and increased concern about ransomware, additional data breach...
The new 2022 revision of ISO 27002 was published on February 15, 2022 It’s been eight...
The EU General Data Protection Regulation (GDPR) requires certain organisations to appoint a data protection...
Australia’s Privacy Act 1988 requires APP entities to have a clear and up-to-date privacy policy...
When the GDPR introduced hefty new fines and more stream lined enforcement, many privacy advocates...
Finally, ISO 27002 has been updated! The information security management standard ISO 27001 and its code...
China’s privacy law, the Personal Information Protection Law (PIPL), came into effect on November 1,...
De-identification is a powerful solution to many of the privacy concerns data sharing and use...
On January 19, the International Committee of the Red Cross (ICRC) published a press release...
As customers become more alert to privacy issues, organisational privacy programs must achieve customer trust...
Late last month, in our coverage of the largest GDPR fines in 2021, we outlined...
Results from our 2021 Privacy Professional Survey are now available. Thank you to everyone who...
EU privacy regulators last year levied fines totalling more than €1 billion for GDPR breaches,...
Privacy 108 has submitted its response to the Privacy Act Review Discussion Paper. You can...
The recent decision around the use of Google Analytics underlines the continuing battles between EU...
Facebook and Google have received hefty fines from France’s lead data protection authority, the CNIL,...
Privacy 108’s analysis of Australian privacy jobs advertised in December 2021 is now available. Main Findings...
Thinking about taking the IAPP CIPM exam but you’re not sure how to prepare or...