After The Ink Dries: Monitoring Third Parties You Share Personal Information with Beyond Due Diligence
Third-party vendor management extends far beyond the initial signing of your contract. It’s an ongoing...
30 November, 2023
The Webs We Weave: Building Stronger Cross-Functional Privacy Practices
In February 2023, a hacker used an SMS phishing scheme on a HR employee in...
24 November, 2023
OAIC sues ACL for security failure
In November 2023, the Office of the Australian Information Commissioner (OAIC) announced the commencement of...
16 November, 2023
CIPPE 2023 Update: Here’s What Changed
Things are changing fast in European privacy! We don’t typically see annual updates by the...
15 November, 2023
Data Tagging: Best Practices, Security & Implementation Tips
Data tagging helps businesses enhance data security, improve data governance, and better manage data and...
14 November, 2023
Queensland’s Data Breach Notification Scheme for Government Agencies
Queensland looks to join NSW as the only other Australian state with a mandatory data...
01 November, 2023
Persevering Progress: Privacy Act ‘Accountability’ Reforms
Earlier this year, we provided an update on the privacy reform proposals related to ‘accountability’...
27 October, 2023
GoodSAM Privacy Risks: The Briefing Speaks with Dr Jodie Siganto
Privacy 108 Founder Dr Jodie Siganto recently appeared on The Briefing to discuss the GoodSam...
27 October, 2023
The 2023 Updated CIPT Body of Knowledge: What Has Changed?
Privacy for technologists is a rapidly developing field. The IAPP’s CIPT Body of Knowledge has...
21 October, 2023
Data Catalogues: The Unsung Heroes of Organisational Privacy
Data catalogues provide a unified and searchable view of an organisation’s data and data sources....
13 October, 2023
ChatGPT Wrote This Blog Post: How Could This Affect Organisational Privacy?
“Every technology, including AI like ChatGPT, comes with potential risks and benefits. Balancing innovation with...
06 October, 2023
OAIC Data Breach Report: January – June 2023
Key Findings in the OAIC’s Data Breach Report: January – June 2023 Some of the most...
28 September, 2023
RIP Passwords: Are Passkeys the Future of Account Security?
Passwords are probably the most well-known account security feature that exists today. But they’re problematic....
28 September, 2023
What To Do If a Third Party Mishandles Data Your Organisation Shared with It
Earlier this year, news broke about a third-party data breach that impacted the personal information...
27 September, 2023
NIST Privacy Framework – 5 Tips for Implementation
The National Institute of Standards and Technology (NIST) Privacy Framework was developed through a collaborative...
15 September, 2023
Preparing for Complaints After a Privacy Breach in Australia: Legal and Business Tips
Preparing for managing customer complaints after a privacy breach is a critical step in your...
08 September, 2023
Which Privacy Certification is Right for Me?
Privacy skills are in demand. And as the demand grows and the privacy industry matures,...
04 September, 2023
It depends … some findings from Australia’s Attitude to Privacy Survey
Interested in what Australians think about privacy, use of AI and facial recognition and the...
27 August, 2023
Cyber Insurance – Is It Worth It?
Cyber insurance is not just becoming increasingly common, it is also becoming a requirement for...
26 August, 2023
US State Privacy Laws & Australian Organisations: An Update
2023 has brought with it a flurry of activity in terms of privacy legislation in...
24 August, 2023
Privacy and Security in Mobile App Development: Tips to Creating Better Apps
Following the highly-publicised ban of TikTok on government devices, Australians are starting to pay more...
18 August, 2023
Third party service providers: It’s so much more than the contract
Victoria's privacy watchdog, the Office of the Victorian Information Commissioner (OVIC), released a report into how...
11 August, 2023
3 Tips for Talking to Boards About Cybersecurity
Cybersecurity concerns are no longer the domain of the IT department. They permeate every aspect...
10 August, 2023
CIPP/E Domain II: Understanding the GDPR
While Domain I might be the most challenging domain, Domain II in the CIPP/E certification...
08 August, 2023
5 Tips for Managing Third Party Security Risk
It’s rare for an organization to not use at least one third party – whether...
28 July, 2023
Lessons from the HWL Ebsworth Data Breach
The HWL Ebsworth data breach has sent shivers down the spine of every professional consulting...
28 July, 2023
Australia’s AI regulation discussion paper: Late to the party again …
Regulating AI has been on the agenda globally for some time, amid growing concern over...
24 July, 2023
Finally! A new EU-US Data Transfer Framework
After three years of limbo, personal data can flow from the EU to companies in...
12 July, 2023
An Overview of Cybersecurity Certifications in Australia
As the privacy industry matures, we’re seeing more privacy and security jobs seeking professionals who...
10 July, 2023
AI Regulation Around The World
In May, hundreds of AI experts warned that AI (if left unchecked) could pose an...
30 June, 2023
Evaluating Privacy: Privacy Metrics to Measure Effectiveness
Evaluating your privacy program helps to allocate and justify resources and budgets, align your privacy...
23 June, 2023
Tips For Developing an Effective Privacy Training Program
What do these scenarios have in common? Images of a woman sitting on a toilet...
16 June, 2023
Emerging Privacy Enhancing Technologies: A Summary of the OECD 2023 PET Report
The Organisation for Economic Co-operation and Development (OECD) published a report on privacy enhancing technologies...
12 June, 2023
Managing ChatGPT and Privacy in Australian Organisations
ChatGPT promises to revolutionise the way we write and work. In late May, Thomson Reuters...
01 June, 2023
Foundations of Privacy: Who Should Take IAPP’s Newest Privacy Training Course
The IAPP announced its new course in September 2022 – Foundations of Privacy. This course...
20 May, 2023
Key Themes from Recent Spam Penalties by ACMA
Sending unsolicited emails, or spam, can not only damage your organisation’s reputation but also land...
19 May, 2023
A new OAIC or back to the future?
This month the Commonwealth Attorney-General, Mark Dreyfus, announced that a stand-alone Australian Privacy Commissioner will...
16 May, 2023
More about dark patterns …
Dark patterns is a subject close to our heart. We’ve written about them before, including: Dark...
09 May, 2023
Increased Accountability Obligations: Privacy Act Review Report Deep Dive Part 4
In February 2023, the Australian Attorney-General released its Privacy Act Review Report 2022 and we...
08 May, 2023
3 Steps to Safeguard Privacy
In the spirit of Privacy Awareness Week 2023, we are sharing 3 tips to safeguard...
07 May, 2023
Organisational Privacy Basics: Privacy Awareness Week 2023
Privacy Awareness Week 2023 runs from May 1 to May 7. To build on this...
28 April, 2023
New Australian Laws Proposed for Direct Marketing, Targeting, & Data Analytics: Privacy Act Review Report Deep Dive Part 3
We’ll continue our deep dive into Australia’s Privacy Act Review report in this article. We...
26 April, 2023
Ch. Ch. Ch. Changing Definitions in Australian Privacy: Privacy Act Review Deep Dive
We’re continuing our deep dive into the Privacy Act Review Report. You can read our...
18 April, 2023
Responding to Access Requests: Practical Tips to Meet Your Privacy Obligations
Organisations covered by the Australian Privacy Act must provide access to the personal information the...
12 April, 2023
Australian Privacy Jobs Quarterly Report – December 2022
Privacy 108's report on privacy jobs advertised in Australia in October, November and December 2022...
30 March, 2023
Privacy Act Review: What’s proposed for Security, Data Breach Notification and Retention?
Deep Dive 1: Security, data breach notification and retention In February 2023, after nearly three years...
28 March, 2023
Australia’s First Major Financial Services Provider Breach: Latitude Financial Ransomware Update
Australian financial services provider, Latitude Financial, has announced that it has suffered a data breach...
27 March, 2023
Differential Privacy: Where Maths and Privacy Meet
Differential privacy is a formal mathematical definition of privacy. At its core, implementing differential privacy...
20 March, 2023
Data Management Strategy: No Longer a Nice-to-Have
The importance of organisational data is growing each year. As we move through 2023, a...
11 March, 2023
OAIC Data Breach Report: July – December 2022
Key Findings in the OAIC’s Data Breach Report: July – December 2022 The OAIC highlighted the...
03 March, 2023
Data Inventories: Best Practices & Practical Implementation Tips
An accurate and up-to-date data inventory is the basis of any privacy program. And with...
01 March, 2023
Proposed Privacy Act reforms: Inching closer to a fit for purpose Privacy Act?
On 16 February 2023, the Commonwealth Attorney-General released the Privacy Act Review Report 2022. The report...
25 February, 2023
Avoiding Privacy Issues When Recruiting Staff: 10 Practical Tips
When a potential hire sends you their CV, you will likely collect their personal information....
25 February, 2023
Can You Use Google Analytics in the EU? A Guide for Australian Organisations
In January 2022, Austria became the first EU country to state that the continuous use...
10 February, 2023
Melbourne School Data Breach: Lessons for Handling Credit Card Hacks
Around 400 parents of current and former Mount Lilydale Mercy students were recently alerted to...
03 February, 2023
Privacy Do’s and Don’ts for Australian Websites
The widespread information about website requirements for organisations covered by the GDPR and California Privacy...
27 January, 2023
ISO 31700: New ISO Standard for Privacy by Design
ISO is set to launch a new privacy standard in February: ISO 31700 Privacy by...
24 January, 2023
How Do You Legally Change Your Privacy Policy?
The recent ACCC v Google LLC decision provides useful advice. Google recently defeated an action by...
20 January, 2023
Big data and de-identification: Taking a risk management approach
Big data offers huge benefits: it improves human life with new medical and health solutions...
11 January, 2023
Key Takeaways from TechCrunch’s List of Badly Handled Data Breaches in 2022
TechCrunch recently released its list of the most badly handled data breaches in 2022. Surprisingly...
10 January, 2023
Buying yourself online – an introduction to privacy issues with online DNA testing
A free online webinar on February 8th 2023 by Dr Andelka M. Phillips - Senior...
21 December, 2022
Privacy Issues for Employers Using Biometrics in the Workplace
Biometrics technologies have been developed to help employers accurately track employee attendance and hours, track...
20 December, 2022
Electronic Surveillance Reform in Australia: What can we expect next?
Australia’s regulation of electronic surveillance has been a mess for some time. When it announced...
18 December, 2022
Email Snafu – What to Do If You Send Personal Information to the Wrong Email
The OAIC’s latest reporting shows that 33% of human error data breaches in Australia are...
15 December, 2022
OAIC Data Breach Report January–June 2022: Our Analysis
The OAIC’s Findings in its Data Breach Report January-June 2022 The OAIC highlighted the following key...
13 December, 2022
Privacy for Call Centres: Increase Privacy with These 5 Tips
Call centres are hotbeds for the collection – and theft and misuse - of personal...
04 December, 2022
CPRA: New privacy obligations in California to take effect from 1 January 2023
The CPRA (California Privacy Rights Act) is set to change the face of privacy in...
24 November, 2022
Worried about Data Breaches? How Privacy by Design can help
The increase in data breaches has highlighted that organisations are holding onto data, a lot...
24 November, 2022
Trans-Atlantic Data Privacy Framework: A Solution to EU/US Cross Border Data Transfer Issues
It has been some time since we covered data flows between the EU and US....
17 November, 2022
Questions Boards Should Ask About Cybersecurity
The days of board directors delegating oversight of cybersecurity to department managers are long behind...
10 November, 2022
Privacy Act Amendments: Real deterrent or window dressing?
With Optus and Medibank data breaches affecting over 10 million Australians, many have pointed to...
09 November, 2022
Law Degrees for Privacy Professionals: Must Haves or Nice to Haves?
Candidates with law degrees have been highly sought by employers looking to fill privacy roles...
04 November, 2022
Biometrics in Schools and Privacy Issues: What Could Go Wrong?
Biometric technologies have been making their way into schools for years. It's not uncommon for...
28 October, 2022
Privacy Act changes proposed … but will they work?
This week the Federal Attorney General introduced legislation to increase fines for privacy breaches, largely...
27 October, 2022
California’s Sephora Enforcement Action – What Does It Mean for Australian Organisations?
While million-dollar fines are commonplace in Europe, the $1.2million settlement following the Sephora Enforcement Action...
21 October, 2022
Email Marketing Compliance Do’s & Don’ts When Buying Lists and Data Scraping
Email marketing can be exceptionally effective – but engaging in it is also rife with...
17 October, 2022
The Optus Data Breach Communications – A Case Study of What Not to Do in the Wake of a Breach
There has been a great deal of backlash in the wake of the Optus data...
05 October, 2022
Optus Data Breach: Time for change?
The Optus data breach has exposed how harmful a cyber incident can be. Many are...
05 October, 2022
Privacy by Design: How to Bake Privacy in Early
Using privacy by design to bake privacy in early is becoming a must. The benefits...
30 September, 2022
Metadata access is being abused. Who would have thought?
In September 2022 the Commonwealth Ombudsman reported a major spike in surveillance involving telco metadata...
27 September, 2022
Employee Photos and Privacy: What You Need To Know
Key takeaways: Employee photos may be personal information for the purposes of the Privacy Act,...
10 April, 2021
CCTV Laws in Australia: 5 Tips for Managing CCTV Privacy Issues
Privacy has been in the headlines recently following the CHOICE investigation into the use of...
11 July, 2022
Australia’s AI Ethical Framework: Another paper tiger?
Like many countries Australia has an AI ethical framework. But how influential will it be...
08 July, 2021
Is a work email address covered by privacy laws?
One of the most common privacy questions is: are work email addresses considered personal information...
11 October, 2021
ISO 27701 Privacy Management System: How useful is it?
ISO 27701 provides guidance on the protection of privacy, including how organizations should manage personal...
05 May, 2020
Career Roadmap for Privacy Professionals in Australia
Privacy is an exciting field that’s attracting plenty of attention in the media. It’s an...
06 March, 2021
OAIC Determinations: A slice and dice of the data
The Privacy 108 team has reviewed OAIC determinations published since 1 November 2010 and identified...
03 July, 2022
Data Mapping: How to Map Your Data for Better Privacy Management
Data mapping is one of the most critical steps in any privacy program. Maintaining a...
19 June, 2021
How Much Does a Privacy Breach Cost in Australia?
Phenomenally high penalties pertaining to privacy breaches are now routinely found in news headlines. In...
16 March, 2022
Clearview AI’s Australian Privacy Breach
Penalties have started to flow in for Clearview AI’s controversial scraping and use of the...
18 March, 2022
How To Prepare for the CIPT Exam: A Privacy Instructor Explains
What is the CIPT Certification? CIPT stands for Certified Information Privacy Technologist. It’s essentially a certification...
27 August, 2021
The end to ASIC v RI Advice: Cyber security take-aways for Australian organisations
In early May 2022, the Australian Federal Court released its judgement in the long-running ASIC...
06 May, 2022
How do I get my CISM Certification?
Thinking about getting the CISM? This is an easy guide to all the practical steps...
23 April, 2021
Privacy Officers: What do they do?
Google Trends tells us there has been a slow and steady increase in interest in...
09 June, 2021
Woolworths’ New Privacy Policy: Making privacy simple?
The Woolworths Group have updated their Privacy Policy. The new policy is good but could...
06 February, 2021
IKEA France’s CEO Handed a Suspended Sentence for Spying on Employees: Could This Happen in Australia?
In June, Swedish furniture chain IKEA was ordered to pay a fine of 1 million...
14 August, 2021
Flight Centre’s Design Jam Data Breach: What can we learn?
Flight Centre, Australia’s largest travel agency suffered a data breach affecting nearly 7,000 customers, as...
16 February, 2021
How do I Prepare for the CISM Certification Exam?
How can you give yourself the greatest chance of passing your CISM exam? We want...
23 April, 2021
Australian Privacy Jobs Quarterly Report – Sep 2022
Privacy 108’s analysis of Australian privacy jobs advertised in September 2022 is now available. Main Findings...
17 November, 2022
Preparing for the iapp CIPP/E Exam? Some exam prep tips
Thinking of taking the iapp CIPP/E exam but not sure how to prepare or whether...
22 October, 2020
Calling Out 3 of the Biggest Privacy Fails of 2021
Privacy Awareness Week 2022 runs from 2-8 May. To highlight this year’s theme: Privacy –...
15 April, 2022
Privacy Cases in Australia: Any Progress?
In 2019, we reported on three (3) Australian data breach class actions. Nearly 2 years...
26 May, 2020
5 Tips on Preparing for the CIPP/E exam
5 practical tips on CIPP/E exam prep for anyone thinking of taking the exam. What is...
28 October, 2021
Delayed Data Breach Notification: When is it okay to delay?
Under Australian law, organisations are required to notify the Office of the Australian Information Commissioner...
22 April, 2022
A Privacy Instructor’s Guide to the CIPM Exam
Thinking about taking the IAPP CIPM exam but you’re not sure how to prepare or...
13 January, 2022
Update on Australia’s First Cyber Security Case: ASIC v RI Advice
Earlier this year, we published a post about Australia’s First Cyber Security Case – ASIC...
30 October, 2021
CIPT Qualifications and Your Career: Where Will This Certification Take You?
With regulators increasing focusing on data security and cyber security, many tech professionals are considering...
07 October, 2021
CIPM Certification Careers: Where will the CIPM privacy qualification take you?
We’re seeing more and more Australian employers seeking privacy professionals with relevant certifications. As more...
10 July, 2021
Domain 1: The most challenging CIPP/E domain?
Domain 1 questions are the most challenging for the respondents to our on-line CIPP/E. Do you...
22 May, 2021
What You Need to Know About the History of Data Privacy for Your CIPP/E Exam
If you’re reading this, you likely already know that the CIPP/E is the IAPP's European...
13 February, 2021