Data Hoarding: Addressing the Behavioural and Cultural Challenges of Data Minimisation
We all know about hoarders – but what about data hoarders? Is it a ‘thing’...
We all know about hoarders – but what about data hoarders? Is it a ‘thing’...
Cal Newport’s book Digital Minimalism discusses the benefits of focusing on a small number of...
Employee records of current or former private sector employees are exempt from the Australian Privacy...
On July 19, 2024, we saw a major global IT outage caused by a faulty...
Understanding and managing your data is becoming a fundamental piece of any privacy compliance program....
The last few years have seen a shift from data being the new oil to...
The CIPP/E certification is becoming increasingly popular. It is a great way to demonstrate your...
Data brokers play a significant (and extremely personal information-intensive) role in Australia’s business ecosystem. However,...
The Australian Communication and Media Authority (ACMA) recently announced its 2024-2025 enforcement priorities and plans...
Our report on privacy jobs advertised in Australia between January and March 2024 is now available....
Cyber security is a key concern for almost every board member. But how best should...
ISO 29100 Privacy Framework is a standard all privacy practitioners should be aware of. Substantially...
There are privacy-related ISO standards, old and new, that can help in developing and improving...
In October 2022, Medibank suffered a severe breach, affecting 9.7 million people. It is alleged...
This week, headlines focused on the potential for a $21 trillion penalty against Medibank for...
If you’re taking the CIPP/E or just interested in how European and EU data protection...
Australia’s Privacy Awareness Week wrapped up on 12 May, but the components of its theme,...
We’ve analysed two determinations from the Australian Information Commissioner relating to data breach reporting and...
We have prepared this Template as an example AI impact assessment form that can be...
We’ve prepared this guide for personnel who engage in direct marketing activities, particularly those who...
Privacy 108 monitors and reports on privacy jobs advertised in Australia. We’ve tracked the number,...
What will the proposed changes to Australia’s Privacy Act mean for transparency? For Privacy Awareness Week...
For Privacy Awareness Week 2024 (from 6-12 May 2024), organisations are being asked to 'power...
The OAIC’s determination in a recent case involving Serco and the systems it used in...
Australia’s Digital ID Bill passed on Mar 28, 2024. Our new ID system is designed...
Consultation on the latest proposals for cyber security regulation in Australia has now closed. What...
Australia’s privacy law landscape doesn’t grant the same rights individuals resident in the EU and...
We recently published our comprehensive guide to managing vendor privacy risk in 2024. The 17-page ebook...
You know you need to do it, but the data minimization project is overwhelming. You...
News this week was that Medibank failed in its bid to stop the OAIC investigations...
Balancing user privacy with business growth isn't always easy. Enter Privacy UX (shorthand for ‘privacy...
The Office of the Australian Information Commissioner (OAIC) has released its latest Notifiable Data Breaches...
Australia’s privacy risk management landscape is being shaped by increasing visibility of data breaches, penalties,...
Thinking of sitting for the CIPP/E? Here are 5 good reasons to get your CIPP/E...
Things are changing quickly in cybersecurity regulation in Europe. Here’s a list of the existing...
Privacy 108 monitors and reports on privacy jobs advertised in Australia. We've tracked the number,...
Privacy Impact Assessments are a powerful and often overlooked tool. They’re a compliance requirement, in...
Children’s privacy, in terms of the information that websites and apps collect about child users,...
In case you missed them, we've compiled the most popular posts we published in 2023. #1:...
As the end of 2023 approaches (thank goodness say some!), let’s reflect on some of...
ISACA’s 2023 Privacy in Practice report included a list of the most common privacy failures...
Creating a complete data inventory is one thing – but supporting it over time is...
The Australian Securities and Investments Commission (ASIC) is ramping up its emphasis on cybersecurity with...
Third-party vendor management extends far beyond the initial signing of your contract. It’s an ongoing...
In February 2023, a hacker used an SMS phishing scheme on a HR employee in...
In November 2023, the Office of the Australian Information Commissioner (OAIC) announced the commencement of...
Things are changing fast in European privacy! We don’t typically see annual updates by the...
Data tagging helps businesses enhance data security, improve data governance, and better manage data and...
Queensland looks to join NSW as the only other Australian state with a mandatory data...
Earlier this year, we provided an update on the privacy reform proposals related to ‘accountability’...
Privacy 108 Founder Dr Jodie Siganto recently appeared on The Briefing to discuss the GoodSam...
Privacy for technologists is a rapidly developing field. The IAPP’s CIPT Body of Knowledge has...
Data catalogues provide a unified and searchable view of an organisation’s data and data sources....
“Every technology, including AI like ChatGPT, comes with potential risks and benefits. Balancing innovation with...
Key Findings in the OAIC’s Data Breach Report: January – June 2023 Some of the most...
Passwords are probably the most well-known account security feature that exists today. But they’re problematic....
Earlier this year, news broke about a third-party data breach that impacted the personal information...
The National Institute of Standards and Technology (NIST) Privacy Framework was developed through a collaborative...
Preparing for managing customer complaints after a privacy breach is a critical step in your...
Privacy skills are in demand. And as the demand grows and the privacy industry matures,...
Interested in what Australians think about privacy, use of AI and facial recognition and the...
Cyber insurance is not just becoming increasingly common, it is also becoming a requirement for...
2023 has brought with it a flurry of activity in terms of privacy legislation in...
Following the highly-publicised ban of TikTok on government devices, Australians are starting to pay more...
Victoria's privacy watchdog, the Office of the Victorian Information Commissioner (OVIC), released a report into how...
Cybersecurity concerns are no longer the domain of the IT department. They permeate every aspect...
While Domain I might be the most challenging domain, Domain II in the CIPP/E certification...
It’s rare for an organization to not use at least one third party – whether...
The HWL Ebsworth data breach has sent shivers down the spine of every professional consulting...
The OAIC are again investigating the Australian Federal Police over AI surveillance concerns, this time...
Regulating AI has been on the agenda globally for some time, amid growing concern over...
After three years of limbo, personal data can flow from the EU to companies in...
As the privacy industry matures, we’re seeing more privacy and security jobs seeking professionals who...
In May, hundreds of AI experts warned that AI (if left unchecked) could pose an...
In Australia, privacy protections don't apply once you're dead. What do Kylie Minogue, John Lennon, Madge...
Evaluating your privacy program helps to allocate and justify resources and budgets, align your privacy...
What do these scenarios have in common? Images of a woman sitting on a toilet...
The Organisation for Economic Co-operation and Development (OECD) published a report on privacy enhancing technologies...
ChatGPT promises to revolutionise the way we write and work. In late May, Thomson Reuters...
The IAPP announced its new course in September 2022 – Foundations of Privacy. This course...
Sending unsolicited emails, or spam, can not only damage your organisation’s reputation but also land...
This month the Commonwealth Attorney-General, Mark Dreyfus, announced that a stand-alone Australian Privacy Commissioner will...
Dark patterns is a subject close to our heart. We’ve written about them before, including: Dark...
In February 2023, the Australian Attorney-General released its Privacy Act Review Report 2022 and we...
In the spirit of Privacy Awareness Week 2023, we are sharing 3 tips to safeguard...
Privacy Awareness Week 2023 runs from May 1 to May 7. To build on this...
We’ll continue our deep dive into Australia’s Privacy Act Review report in this article. We...
Privacy Awareness Week 2023 is May 1 to 7, 2023. This year the theme is...
On 8 December 2022, the Minister for Cyber Security, the Hon. Clare O’Neil MP, announced...
We’re continuing our deep dive into the Privacy Act Review Report. You can read our...
Organisations covered by the Australian Privacy Act must provide access to the personal information the...
Privacy 108's report on privacy jobs advertised in Australia in October, November and December 2022...
Deep Dive 1: Security, data breach notification and retention In February 2023, after nearly three years...
Australian financial services provider, Latitude Financial, has announced that it has suffered a data breach...
Differential privacy is a formal mathematical definition of privacy. At its core, implementing differential privacy...
The importance of organisational data is growing each year. And today, a data management strategy...
Key Findings in the OAIC’s Data Breach Report: July – December 2022 The OAIC highlighted the...
An accurate and up-to-date data inventory is the basis of any privacy program. And with...
On 16 February 2023, the Commonwealth Attorney-General released the Privacy Act Review Report 2022. The report...
When a potential hire sends you their CV, you will likely collect their personal information....
In January 2022, Austria became the first EU country to state that the continuous use...
Around 400 parents of current and former Mount Lilydale Mercy students were recently alerted to...
The widespread information about website requirements for organisations covered by the GDPR and California Privacy...
ISO is set to launch a new privacy standard in February: ISO 31700 Privacy by...
DNA testing – should we care? You may have seen The Lost King, a fascinating film...
The recent ACCC v Google LLC decision provides useful advice. Google recently defeated an action by...
Big data offers huge benefits: it improves human life with new medical and health solutions...
TechCrunch recently released its list of the most badly handled data breaches in 2022. Surprisingly...
A free online webinar on February 8th 2023 by Dr Andelka M. Phillips - Senior...
Biometrics technologies have been developed to help employers accurately track employee attendance and hours, track...
Australia’s regulation of electronic surveillance has been a mess for some time. When it announced...
The OAIC’s latest reporting shows that 33% of human error data breaches in Australia are...
The OAIC’s Findings in its Data Breach Report January-June 2022 The OAIC highlighted the following key...
Call centres are hotbeds for the collection – and theft and misuse - of personal...
The CPRA (California Privacy Rights Act) is set to change the face of privacy in...
The increase in data breaches has highlighted that organisations are holding onto data, a lot...
It has been some time since we covered data flows between the EU and US....
The days of board directors delegating oversight of cybersecurity to department managers are long behind...
With Optus and Medibank data breaches affecting over 10 million Australians, many have pointed to...
Candidates with law degrees have been highly sought by employers looking to fill privacy roles...
Hot off the press - ISO 27001:2022 has been published! The much-anticipated update to ISO 27001:2013...
Biometric technologies have been making their way into schools for years. It's not uncommon for...
This week the Federal Attorney General introduced legislation to increase fines for privacy breaches, largely...
While million-dollar fines are commonplace in Europe, the $1.2million settlement following the Sephora Enforcement Action...
Email marketing can be exceptionally effective – but engaging in it is also rife with...
There has been a great deal of backlash in the wake of the Optus data...
The Optus data breach has exposed how harmful a cyber incident can be. Many are...
Using privacy by design to bake privacy in early is becoming a must. The benefits...
In September 2022 the Commonwealth Ombudsman reported a major spike in surveillance involving telco metadata...
Key takeaways: Employee photos may be personal information for the purposes of the Privacy Act,...
Privacy has been in the headlines recently following the CHOICE investigation into the use of...
Email marketing is remarkably effective. In its 2021 Email Marketing ROI Statistics report Barilliance cites the average return-on-investment...
Like many countries Australia has an AI ethical framework. But how influential will it be...
The use of biometrics in Australia is increasing, in the workplace, by retailers, educational institutions...
One of the most common privacy questions is: are work email addresses considered personal information...
Small businesses[1] are largely exempt from the Australian Privacy Act 1988 (Cth) and this is...
The Office of the Australian Information Commissioner (OAIC) recently released its Notifiable Data Breaches Report: January...
Privacy engineering has emerged as a vital function for almost every business. Privacy engineers can...
Regulators around the globe have been targeting their enforcement efforts at companies that engage in...
ISO 27701 provides guidance on the protection of privacy, including how organizations should manage personal...
Privacy is an exciting field that’s attracting plenty of attention in the media. It’s an...
The Privacy 108 team has reviewed OAIC determinations published since 1 November 2010 and identified...
Data mapping is one of the most critical steps in any privacy program. Maintaining a...
Phenomenally high penalties pertaining to privacy breaches are now routinely found in news headlines. In...
Penalties have started to flow in for Clearview AI’s controversial scraping and use of the...
Rushed, imprecise and unlikely to be enforced? And most importantly, why? In November 2020, the Australian...
What is the CIPT Certification? CIPT stands for Certified Information Privacy Technologist. It’s essentially a certification...
Australian federal law enforcement agencies can now alter online data and take over on-line accounts....
In early May 2022, the Australian Federal Court released its judgement in the long-running ASIC...
Ransomware in Australia is on the rise! As a result, regulators are paying more and...
Thinking about getting the CISM? This is an easy guide to all the practical steps...
Google Trends tells us there has been a slow and steady increase in interest in...
The Woolworths Group have updated their Privacy Policy. The new policy is good but could...
In June, Swedish furniture chain IKEA was ordered to pay a fine of 1 million...
Flight Centre, Australia’s largest travel agency suffered a data breach affecting nearly 7,000 customers, as...
Today, there’s no such thing as the ‘ideal background’ for a privacy professional. Privacy is...
How can you give yourself the greatest chance of passing your CISM exam? We want...
Privacy 108’s analysis of Australian privacy jobs advertised in September 2022 is now available. Main Findings...
Privacy 108’s analysis of Australian privacy jobs advertised in June 2022 is now available. Main Findings...
Thinking of taking the iapp CIPP/E exam but not sure how to prepare or whether...
Privacy Awareness Week 2022 runs from 2-8 May. To highlight this year’s theme: Privacy –...
In 2019, we reported on three (3) Australian data breach class actions. Nearly 2 years...
5 practical tips on CIPP/E exam prep for anyone thinking of taking the exam. What is...
Under Australian law, organisations are required to notify the Office of the Australian Information Commissioner...
Finally, ISO 27002 has been updated! The information security management standard ISO 27001 and its code...
Thinking about taking the IAPP CIPM exam but you’re not sure how to prepare or...
Earlier this year, we published a post about Australia’s First Cyber Security Case – ASIC...
With regulators increasing focusing on data security and cyber security, many tech professionals are considering...
More than eight years since its last face-lift, ISO 27002 is under review with a...
We’re seeing more and more Australian employers seeking privacy professionals with relevant certifications. As more...
Domain 1 questions are the most challenging for the respondents to our on-line CIPP/E. Do you...
The age-old idiom “less is more” is gaining traction in the privacy sphere. Data minimisation...
If you’re reading this, you likely already know that the CIPP/E is the IAPP's European...