Some Lessons from OAIC v Serco
The OAIC’s determination in a recent case involving Serco and the systems it used in......
11 April, 2024
Australia’s New Digital Identity Legislation Passed: Is That a Good Thing?
Australia’s Digital ID Bill passed on Mar 28, 2024. Our new ID system is designed......
08 April, 2024
The Latest on Cyber Security Regulation in Australia
Consultation on the latest proposals for cyber security regulation in Australia has now closed. What......
28 March, 2024
GDPR Enforcement Themes & Takeaways for Australian Organisations
Australia’s privacy law landscape doesn’t grant the same rights individuals resident in the EU and......
27 March, 2024
Managing Vendor Privacy Risk: A Guide to Third-Party Suppliers & Privacy [Ebook Download]
We recently published our comprehensive guide to managing vendor privacy risk in 2024. The 17-page......
24 March, 2024
Data Minimisation: A Privacy Professional’s Guide to Slimming Down Your Data
You know you need to do it, but the data minimization project is overwhelming. You......
19 March, 2024
What’s happening with the Medibank data breach litigation?
News this week was that Medibank failed in its bid to stop the OAIC investigations......
12 March, 2024
Privacy UX: Balancing User Privacy with Business Growth
Balancing user privacy with business growth isn’t always easy. Enter Privacy UX (shorthand for ‘privacy......
08 March, 2024
OAIC Data Breach Report: July – December 2023
The Office of the Australian Information Commissioner (OAIC) has released its latest Notifiable Data Breaches......
01 March, 2024
Defining and Managing Privacy Risks: Frameworks That Work
Australia’s privacy risk management landscape is being shaped by increasing visibility of data breaches, penalties,......
28 February, 2024
5 Reasons To Get Your CIPP/E Certification
Thinking of sitting for the CIPP/E? Here are 5 good reasons to get your CIPP/E......
19 February, 2024
Cybersecurity Regulations in Europe: What’s Happening – & What’s Coming?
Things are changing quickly in cybersecurity regulation in Europe. Here’s a list of the existing......
30 January, 2024
Privacy Jobs Report: July – December 2023
Privacy 108 monitors and reports on privacy jobs advertised in Australia. We’ve tracked the number,......
30 January, 2024
Privacy Impact Assessment Triggers: When Should You Do a PIA?
Privacy Impact Assessments are a powerful and often overlooked tool. They’re a compliance requirement, in......
28 January, 2024
Children’s Privacy in Australia: A Very Quick Overview
Children’s privacy, in terms of the information that websites and apps collect about child users,......
23 January, 2024
Privacy 108’s Top Ten Blog Posts in 2023
In case you missed them, we’ve compiled the most popular posts we published in 2023.......
29 December, 2023
AI Anyone? 2023 Reflections from the Privacy Perspective
As the end of 2023 approaches (thank goodness say some!), let’s reflect on some of......
29 December, 2023
Most Common Privacy Failures at Organisations (and How to Overcome Them)
ISACA’s 2023 Privacy in Practice report included a list of the most common privacy failures......
24 December, 2023
Maintaining Your Data Inventory: High-Level Tips for Keeping Yours Up to Date
Creating a complete data inventory is one thing – but supporting it over time is......
14 December, 2023
ASIC Raising the Bar on Cyber Security
The Australian Securities and Investments Commission (ASIC) is ramping up its emphasis on cybersecurity with......
12 December, 2023
Australian Privacy Jobs Report – Jan to Jun 2023
Privacy 108’s report on privacy jobs advertised in Australia between January and June 2023 is......
04 December, 2023
After The Ink Dries: Monitoring Third Parties You Share Personal Information with Beyond Due Diligence
Third-party vendor management extends far beyond the initial signing of your contract. It’s an ongoing......
30 November, 2023
The Webs We Weave: Building Stronger Cross-Functional Privacy Practices
In February 2023, a hacker used an SMS phishing scheme on a HR employee in......
24 November, 2023
No legal professional privilege for Deloitte forensic report in Optus data breach litigation
Optus has lost a bid in the Australian federal court to keep secret a Deloitte......
19 November, 2023
OAIC sues ACL for security failure
In November 2023, the Office of the Australian Information Commissioner (OAIC) announced the commencement of......
16 November, 2023
CIPPE 2023 Update: Here’s What Changed
Things are changing fast in European privacy! We don’t typically see annual updates by the......
15 November, 2023
Data Tagging: Best Practices, Security & Implementation Tips
Data tagging helps businesses enhance data security, improve data governance, and better manage data and......
14 November, 2023
Queensland’s Data Breach Notification Scheme for Government Agencies
Queensland looks to join NSW as the only other Australian state with a mandatory data......
01 November, 2023
Persevering Progress: Privacy Act ‘Accountability’ Reforms
Earlier this year, we provided an update on the privacy reform proposals related to ‘accountability’......
27 October, 2023
Cyber security regulation in Australia: What’s the current status?
Will Australia be getting a Cyber Security Act any time soon? The cyber security regulatory......
27 October, 2023
GoodSAM Privacy Risks: The Briefing Speaks with Dr Jodie Siganto
Privacy 108 Founder Dr Jodie Siganto recently appeared on The Briefing to discuss the GoodSam......
27 October, 2023
The 2023 Updated CIPT Body of Knowledge: What Has Changed?
Privacy for technologists is a rapidly developing field. The IAPP’s CIPT Body of Knowledge has......
21 October, 2023
Data Catalogues: The Unsung Heroes of Organisational Privacy
Data catalogues provide a unified and searchable view of an organisation’s data and data sources.......
13 October, 2023
Privacy Act changes … still more thinking to be done?
Changes to the Privacy Act changes have been been flagged in the Australian Government’s response......
10 October, 2023
ChatGPT Wrote This Blog Post: How Could This Affect Organisational Privacy?
“Every technology, including AI like ChatGPT, comes with potential risks and benefits. Balancing innovation with......
06 October, 2023
ACCC fines Meta … two cops on the privacy beat
In July 2023, the Australian Federal Court ordered two subsidiaries of social media giant Meta......
06 October, 2023
OAIC Data Breach Report: January – June 2023
Key Findings in the OAIC’s Data Breach Report: January – June 2023 Some of the......
28 September, 2023
RIP Passwords: Are Passkeys the Future of Account Security?
Passwords are probably the most well-known account security feature that exists today. But they’re problematic.......
28 September, 2023
What To Do If a Third Party Mishandles Data Your Organisation Shared with It
Earlier this year, news broke about a third-party data breach that impacted the personal information......
27 September, 2023
NIST Privacy Framework – 5 Tips for Implementation
The National Institute of Standards and Technology (NIST) Privacy Framework was developed through a collaborative......
15 September, 2023
Preparing for Complaints After a Privacy Breach in Australia: Legal and Business Tips
Preparing for managing customer complaints after a privacy breach is a critical step in your......
08 September, 2023
Which Privacy Certification is Right for Me?
Privacy skills are in demand. And as the demand grows and the privacy industry matures,......
04 September, 2023
It depends … some findings from Australia’s Attitude to Privacy Survey
Interested in what Australians think about privacy, use of AI and facial recognition and the......
27 August, 2023
Cyber Insurance – Is It Worth It?
Cyber insurance is not just becoming increasingly common, it is also becoming a requirement for......
26 August, 2023
US State Privacy Laws & Australian Organisations: An Update
2023 has brought with it a flurry of activity in terms of privacy legislation in......
24 August, 2023
Privacy and Security in Mobile App Development: Tips to Creating Better Apps
Following the highly-publicised ban of TikTok on government devices, Australians are starting to pay more......
18 August, 2023
Third party service providers: It’s so much more than the contract
Victoria’s privacy watchdog, the Office of the Victorian Information Commissioner (OVIC), released a report into how......
11 August, 2023
3 Tips for Talking to Boards About Cybersecurity
Cybersecurity concerns are no longer the domain of the IT department. They permeate every aspect......
10 August, 2023
CIPP/E Domain II: Understanding the GDPR
While Domain I might be the most challenging domain, Domain II in the CIPP/E certification......
08 August, 2023
5 Tips for Managing Third Party Security Risk
It’s rare for an organization to not use at least one third party – whether......
28 July, 2023
Lessons from the HWL Ebsworth Data Breach
The HWL Ebsworth data breach has sent shivers down the spine of every professional consulting......
28 July, 2023
The AFP in trouble again for its use of AI … with no privacy impact assessment
The OAIC are again investigating the Australian Federal Police over AI surveillance concerns, this time......
27 July, 2023
Australia’s AI regulation discussion paper: Late to the party again …
Regulating AI has been on the agenda globally for some time, amid growing concern over......
24 July, 2023
Finally! A new EU-US Data Transfer Framework
After three years of limbo, personal data can flow from the EU to companies in......
12 July, 2023
An Overview of Cybersecurity Certifications in Australia
As the privacy industry matures, we’re seeing more privacy and security jobs seeking professionals who......
10 July, 2023
AI Regulation Around The World
In May, hundreds of AI experts warned that AI (if left unchecked) could pose an......
30 June, 2023
Privacy after death: Time for a re-think?
In Australia, privacy protections don’t apply once you’re dead. What do Kylie Minogue, John Lennon,......
29 June, 2023
Evaluating Privacy: Privacy Metrics to Measure Effectiveness
Evaluating your privacy program helps to allocate and justify resources and budgets, align your privacy......
23 June, 2023
Tips For Developing an Effective Privacy Training Program
What do these scenarios have in common? Images of a woman sitting on a toilet......
16 June, 2023
Emerging Privacy Enhancing Technologies: A Summary of the OECD 2023 PET Report
The Organisation for Economic Co-operation and Development (OECD) published a report on privacy enhancing technologies......
12 June, 2023
Managing ChatGPT and Privacy in Australian Organisations
ChatGPT promises to revolutionise the way we write and work. In late May, Thomson Reuters......
01 June, 2023
Foundations of Privacy: Who Should Take IAPP’s Newest Privacy Training Course
The IAPP announced its new course in September 2022 – Foundations of Privacy. This course......
20 May, 2023
Key Themes from Recent Spam Penalties by ACMA
Sending unsolicited emails, or spam, can not only damage your organisation’s reputation but also land......
19 May, 2023
A new OAIC or back to the future?
This month the Commonwealth Attorney-General, Mark Dreyfus, announced that a stand-alone Australian Privacy Commissioner will......
16 May, 2023
More about dark patterns …
Dark patterns is a subject close to our heart. We’ve written about them before, including:......
09 May, 2023
Increased Accountability Obligations: Privacy Act Review Report Deep Dive Part 4
In February 2023, the Australian Attorney-General released its Privacy Act Review Report 2022 and we......
08 May, 2023
3 Steps to Safeguard Privacy
In the spirit of Privacy Awareness Week 2023, we are sharing 3 tips to safeguard......
07 May, 2023
Organisational Privacy Basics: Privacy Awareness Week 2023
Privacy Awareness Week 2023 runs from May 1 to May 7. To build on this......
28 April, 2023
New Australian Laws Proposed for Direct Marketing, Targeting, & Data Analytics: Privacy Act Review Report Deep Dive Part 3
We’ll continue our deep dive into Australia’s Privacy Act Review report in this article. We......
26 April, 2023
Privacy Awareness Week 2023: Back to basics
Privacy Awareness Week 2023 is May 1 to 7, 2023. This year the theme is......
25 April, 2023
Australia’s New Cyber Security Strategy: Call for submissions
On 8 December 2022, the Minister for Cyber Security, the Hon. Clare O’Neil MP, announced......
20 April, 2023
Ch. Ch. Ch. Changing Definitions in Australian Privacy: Privacy Act Review Deep Dive
We’re continuing our deep dive into the Privacy Act Review Report. You can read our......
18 April, 2023
Responding to Access Requests: Practical Tips to Meet Your Privacy Obligations
Organisations covered by the Australian Privacy Act must provide access to the personal information the......
12 April, 2023
Australian Privacy Jobs Quarterly Report – December 2022
Privacy 108’s report on privacy jobs advertised in Australia in October, November and December 2022......
30 March, 2023
Privacy Act Review: What’s proposed for Security, Data Breach Notification and Retention?
Deep Dive 1: Security, data breach notification and retention In February 2023, after nearly three......
28 March, 2023
Australia’s First Major Financial Services Provider Breach: Latitude Financial Ransomware Update
Australian financial services provider, Latitude Financial, has announced that it has suffered a data breach......
27 March, 2023
Differential Privacy: Where Maths and Privacy Meet
Differential privacy is a formal mathematical definition of privacy. At its core, implementing differential privacy......
20 March, 2023
Data Management Strategy: No Longer a Nice-to-Have
The importance of organisational data is growing each year. As we move through 2023, a......
11 March, 2023
OAIC Data Breach Report: July – December 2022
Key Findings in the OAIC’s Data Breach Report: July – December 2022 The OAIC highlighted......
03 March, 2023
Data Inventories: Best Practices & Practical Implementation Tips
An accurate and up-to-date data inventory is the basis of any privacy program. And with......
01 March, 2023
Proposed Privacy Act reforms: Inching closer to a fit for purpose Privacy Act?
On 16 February 2023, the Commonwealth Attorney-General released the Privacy Act Review Report 2022. The......
25 February, 2023
Avoiding Privacy Issues When Recruiting Staff: 10 Practical Tips
When a potential hire sends you their CV, you will likely collect their personal information.......
25 February, 2023
Can You Use Google Analytics in the EU? A Guide for Australian Organisations
In January 2022, Austria became the first EU country to state that the continuous use......
10 February, 2023
Melbourne School Data Breach: Lessons for Handling Credit Card Hacks
Around 400 parents of current and former Mount Lilydale Mercy students were recently alerted to......
03 February, 2023
Privacy Do’s and Don’ts for Australian Websites
The widespread information about website requirements for organisations covered by the GDPR and California Privacy......
27 January, 2023
More on recording conversations in Australia: What is allowed?
Can you record conversations in Australia? This is the most common question we get asked......
25 January, 2023
ISO 31700: New ISO Standard for Privacy by Design
ISO is set to launch a new privacy standard in February: ISO 31700 Privacy by......
24 January, 2023
Online DNA Testing – Solving mysteries and creating new problems?
DNA testing – should we care? You may have seen The Lost King, a fascinating......
23 January, 2023
How Do You Legally Change Your Privacy Policy?
The recent ACCC v Google LLC decision provides useful advice. Google recently defeated an action by......
20 January, 2023
Big data and de-identification: Taking a risk management approach
Big data offers huge benefits: it improves human life with new medical and health solutions......
11 January, 2023
Key Takeaways from TechCrunch’s List of Badly Handled Data Breaches in 2022
TechCrunch recently released its list of the most badly handled data breaches in 2022. Surprisingly......
10 January, 2023
Buying yourself online – an introduction to privacy issues with online DNA testing
A free online webinar on February 8th 2023 by Dr Andelka M. Phillips – Senior......
21 December, 2022
Privacy Issues for Employers Using Biometrics in the Workplace
Biometrics technologies have been developed to help employers accurately track employee attendance and hours, track......
20 December, 2022
Privacy 108’s Top 10 Blog Posts for 2022
We’ve compiled our top ten most-read privacy blog posts for 2022. They’re listed below, starting......
20 December, 2022
Electronic Surveillance Reform in Australia: What can we expect next?
Australia’s regulation of electronic surveillance has been a mess for some time. When it announced......
18 December, 2022
Email Snafu – What to Do If You Send Personal Information to the Wrong Email
The OAIC’s latest reporting shows that 33% of human error data breaches in Australia are......
15 December, 2022
OAIC Data Breach Report January–June 2022: Our Analysis
The OAIC’s Findings in its Data Breach Report January-June 2022 The OAIC highlighted the following......
13 December, 2022
Privacy for Call Centres: Increase Privacy with These 5 Tips
Call centres are hotbeds for the collection – and theft and misuse – of personal......
04 December, 2022
CPRA: New privacy obligations in California to take effect from 1 January 2023
The CPRA (California Privacy Rights Act) is set to change the face of privacy in......
24 November, 2022
Worried about Data Breaches? How Privacy by Design can help
The increase in data breaches has highlighted that organisations are holding onto data, a lot......
24 November, 2022
Trans-Atlantic Data Privacy Framework: A Solution to EU/US Cross Border Data Transfer Issues
It has been some time since we covered data flows between the EU and US.......
17 November, 2022
Questions Boards Should Ask About Cybersecurity
The days of board directors delegating oversight of cybersecurity to department managers are long behind......
10 November, 2022
Privacy Act Amendments: Real deterrent or window dressing?
With Optus and Medibank data breaches affecting over 10 million Australians, many have pointed to......
09 November, 2022
Law Degrees for Privacy Professionals: Must Haves or Nice to Haves?
Candidates with law degrees have been highly sought by employers looking to fill privacy roles......
04 November, 2022
New ISO 27001:2022 released – Finally!
Hot off the press – ISO 27001:2022 has been published! The much-anticipated update to ISO......
01 November, 2022
Biometrics in Schools and Privacy Issues: What Could Go Wrong?
Biometric technologies have been making their way into schools for years. It’s not uncommon for......
28 October, 2022
Privacy Act changes proposed … but will they work?
This week the Federal Attorney General introduced legislation to increase fines for privacy breaches, largely......
27 October, 2022
California’s Sephora Enforcement Action – What Does It Mean for Australian Organisations?
While million-dollar fines are commonplace in Europe, the $1.2million settlement following the Sephora Enforcement Action......
21 October, 2022
Email Marketing Compliance Do’s & Don’ts When Buying Lists and Data Scraping
Email marketing can be exceptionally effective – but engaging in it is also rife with......
17 October, 2022
The Optus Data Breach Communications – A Case Study of What Not to Do in the Wake of a Breach
There has been a great deal of backlash in the wake of the Optus data......
05 October, 2022
Optus Data Breach: Time for change?
The Optus data breach has exposed how harmful a cyber incident can be. Many are......
05 October, 2022
5 Tips on Passing the CIPT exam
5 practical tips on CIPT exam prep for anyone thinking of taking the exam. ......
30 September, 2022
Privacy by Design: How to Bake Privacy in Early
Using privacy by design to bake privacy in early is becoming a must. The benefits......
30 September, 2022
Optus data breach – Listen to Dr Jodie Siganto on ABC Radio
Dr Jodie Siganto was one of the privacy and security experts interviewed by the ABC......
27 September, 2022
Metadata access is being abused. Who would have thought?
In September 2022 the Commonwealth Ombudsman reported a major spike in surveillance involving telco metadata......
27 September, 2022
The Right to Privacy & Roe v Wade: The Little-Known Link Between Privacy Rights and Abortion Explained
Roe v Wade, the US Supreme Court case which protected the right to abortion for......
23 September, 2022
Employee Photos and Privacy: What You Need To Know
Key takeaways: Employee photos may be personal information for the purposes of the Privacy Act,......
10 April, 2021
CCTV Laws in Australia: 5 Tips for Managing CCTV Privacy Issues
Privacy has been in the headlines recently following the CHOICE investigation into the use of......
11 July, 2022
Email Marketing Laws in Australia That Direct Marketers Need to Know About
Email marketing is remarkably effective. In its 2021 Email Marketing ROI Statistics report Barilliance cites the average......
07 May, 2021
Australia’s AI Ethical Framework: Another paper tiger?
Like many countries Australia has an AI ethical framework. But how influential will it be......
08 July, 2021
Using Biometrics: What’s the status in Australia
The use of biometrics in Australia is increasing, in the workplace, by retailers, educational institutions......
12 August, 2021
Is a work email address covered by privacy laws?
One of the most common privacy questions is: are work email addresses considered personal information......
11 October, 2021
What does privacy compliance cost Australian small businesses?
Small businesses[1] are largely exempt from the Australian Privacy Act 1988 (Cth) and this is......
14 December, 2021
Data Breach Notifications in Australia: The basic guide to who, what, when, how, and why
The Office of the Australian Information Commissioner (OAIC) recently released its Notifiable Data Breaches Report: January......
26 October, 2021
Privacy engineering (and engineers) are hot!
Privacy engineering has emerged as a vital function for almost every business. Privacy engineers can......
12 May, 2022
Data Sharing and Third Parties: Questions to ask before sharing personal information you’ve collected
Regulators around the globe have been targeting their enforcement efforts at companies that engage in......
05 February, 2022
ISO 27701 Privacy Management System: How useful is it?
ISO 27701 provides guidance on the protection of privacy, including how organizations should manage personal......
05 May, 2020
Career Roadmap for Privacy Professionals in Australia
Privacy is an exciting field that’s attracting plenty of attention in the media. It’s an......
06 March, 2021
OAIC Determinations: A slice and dice of the data
The Privacy 108 team has reviewed OAIC determinations published since 1 November 2010 and identified......
03 July, 2022
Data Mapping: How to Map Your Data for Better Privacy Management
Data mapping is one of the most critical steps in any privacy program. Maintaining a......
19 June, 2021
How Much Does a Privacy Breach Cost in Australia?
Phenomenally high penalties pertaining to privacy breaches are now routinely found in news headlines. In......
16 March, 2022
Clearview AI’s Australian Privacy Breach
Penalties have started to flow in for Clearview AI’s controversial scraping and use of the......
18 March, 2022
New security obligations for Australian Critical Infrastructure Providers: Why?
Rushed, imprecise and unlikely to be enforced? And most importantly, why? In November 2020, the......
13 December, 2020
How To Prepare for the CIPT Exam: A Privacy Instructor Explains
What is the CIPT Certification? CIPT stands for Certified Information Privacy Technologist. It’s essentially a......
27 August, 2021
More surveillance powers for Australian law enforcement
Australian federal law enforcement agencies can now alter online data and take over on-line accounts.......
09 September, 2021
The end to ASIC v RI Advice: Cyber security take-aways for Australian organisations
In early May 2022, the Australian Federal Court released its judgement in the long-running ASIC......
06 May, 2022
Ransomware in Australia: Legal Liability, Notifications and Your Obligations
Ransomware in Australia is on the rise! As a result, regulators are paying more and......
23 March, 2022
How do I get my CISM Certification?
Thinking about getting the CISM? This is an easy guide to all the practical steps......
23 April, 2021
Privacy Officers: What do they do?
Google Trends tells us there has been a slow and steady increase in interest in......
09 June, 2021
Woolworths’ New Privacy Policy: Making privacy simple?
The Woolworths Group have updated their Privacy Policy. The new policy is good but could......
06 February, 2021
IKEA France’s CEO Handed a Suspended Sentence for Spying on Employees: Could This Happen in Australia?
In June, Swedish furniture chain IKEA was ordered to pay a fine of 1 million......
14 August, 2021
Flight Centre’s Design Jam Data Breach: What can we learn?
Flight Centre, Australia’s largest travel agency suffered a data breach affecting nearly 7,000 customers, as......
16 February, 2021
The Difference Between ‘Security’ and ‘Privacy’ Jobs – And Why IT Matters
Today, there’s no such thing as the ‘ideal background’ for a privacy professional. Privacy is......
01 April, 2021
How do I Prepare for the CISM Certification Exam?
How can you give yourself the greatest chance of passing your CISM exam? We want......
23 April, 2021
Australian Privacy Jobs Quarterly Report – Sep 2022
Privacy 108’s analysis of Australian privacy jobs advertised in September 2022 is now available. Main......
17 November, 2022
Australian Privacy Jobs Quarterly Report – June 2022
Privacy 108’s analysis of Australian privacy jobs advertised in June 2022 is now available. Main......
25 July, 2022
Preparing for the iapp CIPP/E Exam? Some exam prep tips
Thinking of taking the iapp CIPP/E exam but not sure how to prepare or whether......
22 October, 2020
Calling Out 3 of the Biggest Privacy Fails of 2021
Privacy Awareness Week 2022 runs from 2-8 May. To highlight this year’s theme: Privacy –......
15 April, 2022
Privacy Cases in Australia: Any Progress?
In 2019, we reported on three (3) Australian data breach class actions. Nearly 2 years......
26 May, 2020
5 Tips on Preparing for the CIPP/E exam
5 practical tips on CIPP/E exam prep for anyone thinking of taking the exam. What......
28 October, 2021
Voice Recording Laws: Is It Legal to Record a Conversation in Australia?
Australia has a patchwork of state laws that cover listening devices and the surveillance of......
15 September, 2022
Quick Tips for Communicating About Privacy Issues Within Your Organisation
Cookies, aggregated data, dark patterns, and ransomware are just a few of thousands of privacy-related......
08 September, 2022
The Updated CIPP/E Body of Knowledge: What Has Changed
The IAPP’s CIPP/E certification covers key privacy terminology, and the practical considerations relating to personal......
27 August, 2022
Security for privacy practitioners: What security certification suits?
We are often asked by privacy practitioners to recommend security training to help them get......
26 August, 2022
Who Needs to Comply with China’s PIPL?
Organisations are getting used to the extraterritorial scope of privacy laws enacted in other countries,......
20 August, 2022
A Privacy Compliance Tool to Overcome Common Privacy Issues You Need to Avoid
Compliance with Australia’s Privacy Principles is non-negotiable for organisations covered by Australia’s privacy laws (APP......
16 August, 2022
Canada’s Digital Charter Implementation Act 2022 – And What Australia Can Learn From It
Canada appears to be looking to update and strengthen its digital privacy with the introduction......
12 August, 2022
Queensland’s Information Privacy Act review: What’s being considered?
Queensland is updating its Information Privacy and Right to Information Framework, with a consultation paper......
10 August, 2022
The American Data Privacy and Protection Act (ADPPA): What’s happening?
The American Data Privacy and Protection Act (ADPPA) is making its way through the US......
10 August, 2022
PIPL: Proposed China SCCs for Cross Border Transfers
On 30 June 2022, the Cyberspace Administration of China (CAC) released a template agreement for......
05 August, 2022
ISACA CISM Exam Update: What’s Changed
The ISACA updates the content of its curriculum and exams around every five years. The......
29 July, 2022
5 Key Questions Boards Should Ask About Cyber Incidents
The frequency of ransomware attacks is rising, as is the average cost of a privacy......
24 July, 2022
CIPM Body of Knowledge Update: What’s Changed
Privacy is an exciting and dynamic field that is rapidly changing. While this makes it......
23 July, 2022
What is Australia doing about scams? The ACCC’s 3 pronged approach
The Australian Competition and Consumer Commission (ACCC) has proposed a “three-pronged approach” to ensure Australia......
22 July, 2022
Thailand Privacy Law Becomes Operational: 5 Compliance Issues
Thailand enacted its comprehensive privacy law on 28 May 2019. After giving covered organisations three......
14 July, 2022
What Privacy Professionals Need to Know About Dark Patterns Regulation
Dark patterns regulation has emerged as a focus in both the US and EU over......
30 June, 2022
EU’s New Deal for Consumers: a dark future for dark patterns
Laws banning dark patterns, hidden advertising, and manipulated consumer reviews became effective in the EU......
24 June, 2022
Privacy Enforcement in APAC: Privacy Breach Penalties by APAC Regulators
Privacy breaches and enforcement in Europe, the US, and Australia garner much media attention in......
17 June, 2022
Transfer Impact Assessments Under the New SCCs: What You Need to Know
The New SCCs require organisations to undertake a transfer impact assessment before completing a transfer......
10 June, 2022
Australian Privacy Jobs Quarterly Report – March 2022
Privacy 108’s analysis of Australian privacy jobs advertised in March 2022 is now available. Main......
07 June, 2022
How Can I Legally Collect Email Addresses? Practical Methods for Gaining Consent
The penalties for sending unsolicited (or spam) marketing emails in Australia can be severe –......
12 November, 2021
How to Structure Your Privacy Team
We revealed in our December 2021 Privacy Jobs Report that larger organisations are increasingly implementing......
07 June, 2022
5 Tips for Successfully Implementing Privacy by Design
In a world where there’s no cookie cutter template to privacy, companies are hungry for......
30 May, 2022
It’s the GDPR’s 4 Year Anniversary: These are the 4 Biggest Impacts It Has Had on Global Privacy
Europe’s landmark General Data Protection Regulations (GDPR) came into effect (just over) 4 years on......
21 May, 2022
5 IAPP Certification Exam Tips to Help You Prepare (By an IAPP Training Partner)
For any IAPP certification, real-world experience is an advantage – but sitting an exam is......
13 May, 2022
Privacy: Building the Foundation of Trust
“Distrust is now society’s default emotion”. This is the no. 1 Takeaway from the 2022......
05 May, 2022
Project REDSPICE: Looking into Australia’s $10b Investment in Cyber Security
Many privacy and cyber security professionals across Australia were surprised by the $9.9 billion earmarked......
28 April, 2022
Delayed Data Breach Notification: When is it okay to delay?
Under Australian law, organisations are required to notify the Office of the Australian Information Commissioner......
22 April, 2022
Privacy Shield 2.0 is Coming – But is the new EU-US data transfer mechanism here to stay?
The Whitehouse and EU Commission announced the impending arrival of Privacy Shield 2.0 on 25......
13 April, 2022
Changing legal landscape for Data Breach Notification in Australia
With the rise of cyber security incidents and increased concern about ransomware, additional data breach......
11 April, 2022
The new ISO 27002: 2022 – Answers to some Frequently Asked Questions
The new 2022 revision of ISO 27002 was published on February 15, 2022 It’s been......
10 April, 2022
What does it take to be a DPO?
The EU General Data Protection Regulation (GDPR) requires certain organisations to appoint a data protection......
29 March, 2022
How to Write a Better Privacy Policy: Best Practices for Privacy Policies
Australia’s Privacy Act 1988 requires APP entities to have a clear and up-to-date privacy policy......
26 March, 2022
The Consequences of Privacy Regulatory Inaction: Some lessons from the EU for Australia
When the GDPR introduced hefty new fines and more stream lined enforcement, many privacy advocates......
24 March, 2022
Update to ISO 27002
Finally, ISO 27002 has been updated! The information security management standard ISO 27001 and its......
11 March, 2022
China’s PIPL: A Guide to What’s Covered
China’s privacy law, the Personal Information Protection Law (PIPL), came into effect on November 1,......
09 March, 2022
De-identification as a Privacy-Enhancing Tool: How, when and why to use it
De-identification is a powerful solution to many of the privacy concerns data sharing and use......
09 March, 2022
Red Cross Data Breach Exposes Personal Information from the World’s Most Vulnerable
On January 19, the International Committee of the Red Cross (ICRC) published a press release......
18 February, 2022
Privacy Program FAQs for Privacy Professionals
As customers become more alert to privacy issues, organisational privacy programs must achieve customer trust......
11 February, 2022
Cambridge Analytica Scandal Fallout: Facebook Appeal Dismissed by Australia’s Federal Court
Late last month, in our coverage of the largest GDPR fines in 2021, we outlined......
10 February, 2022
Australian Privacy Professionals Survey 2021 – Results
Results from our 2021 Privacy Professional Survey are now available. Thank you to everyone who......
31 January, 2022
GDPR Fines in 2021: What can we learn?
EU privacy regulators last year levied fines totalling more than €1 billion for GDPR breaches,......
26 January, 2022
Australia’s Privacy Act Review: Another missed opportunity?
Privacy 108 has submitted its response to the Privacy Act Review Discussion Paper. You can......
25 January, 2022
Google Analytics and GDPR: A win for privacy activists
The recent decision around the use of Google Analytics underlines the continuing battles between EU......
24 January, 2022
Dark Patterns: What are They and Why Should You Remove Them From Your Website?
Facebook and Google have received hefty fines from France’s lead data protection authority, the CNIL,......
20 January, 2022
Australian Privacy Jobs Quarterly Report – December 2021
Privacy 108’s analysis of Australian privacy jobs advertised in December 2021 is now available. Main......
14 January, 2022
A Privacy Instructor’s Guide to the CIPM Exam
Thinking about taking the IAPP CIPM exam but you’re not sure how to prepare or......
13 January, 2022
Grindr Fined €6.5 million for Breaching GDPR Consent Requirements
Norway’s data privacy watchdog has issued a 6.5 million Euro fine to a location-based social......
07 January, 2022
Re-introducing the Re-identification Offence Bill: The dumbest privacy idea this year?
The Privacy Act Discussion Paper, the latest stage in the comprehensive review of Australia’s Privacy ......
29 December, 2021
Privacy-Enhancing Technologies as the Solution to Eroding Trust: Lessons from the World Economic Forum’s Recent Publication on Consumer (Mis)Trust.
The World Economic Forum (WEF) recently released an article about “How to overcome mistrust of......
23 December, 2021
CLOUD Agreement eases law enforcement access to big tech data
On December 15, 2021, the United States and Australia signed an agreement to make it......
19 December, 2021
3 Gamechanging New Year’s Privacy Resolutions for Your Business in 2022
As the new year approaches, it’s time to consider your resolutions for 2022. Business owners......
10 December, 2021
3 New Year’s Resolutions for Budding Privacy Professionals: What you can do to land your dream job in 2022
If you’re looking to make 2022 the year you land your dream job as a......
03 December, 2021
EDPB Data Transfer Guidance: Draft released for consultation
Many Australian organisations have suffered the double whammy of being caught by the extra territorial......
01 December, 2021
Should small businesses be exempt from the Privacy Act?
In October 2021, the Australian Attorney-General’s Department issued a discussion paper seeking further submissions on......
30 November, 2021
Australian Privacy Professionals Survey 2021
In 2019 we ran our first Australian Privacy Professionals Survey. Time has flown and the......
26 November, 2021
Privacy as a Competitive Advantage for Australian Businesses: Why should companies care about data privacy?
While not as well-publicised as greenwashing, consumers and regulators are becoming more aware of the......
26 November, 2021
Which CIPP Certification is Right for Me?
The Certified Information Privacy Professional certifications offered by the International Association of Privacy Professionals (IAPP) are......
19 November, 2021
Google Free Choice Screen Closer for Australians
The Australian Competition and Consumer Commission (ACCC) has reiterated its call for Google to implement......
16 November, 2021
Getting Started in Privacy: Privacy career skills employers want to see on your CV
Working out how to get hired in a field that is relatively new and constantly......
15 November, 2021
7-Eleven’s Photo Faux Pas: 3 key privacy compliance take-aways
The recent decision of the Office of the Australian Information Commission (OAIC) about privacy interferences......
10 November, 2021
Ransomware Action Plan: Another new cyber security law for Australia?
In mid-October 2021, Australia’s new Ransomware Action Plan was released by the Department of Home......
02 November, 2021
Update on Australia’s First Cyber Security Case: ASIC v RI Advice
Earlier this year, we published a post about Australia’s First Cyber Security Case – ASIC......
30 October, 2021
Australian Privacy Jobs Quarterly Report – September 2021
Privacy 108’s analysis of Australian privacy jobs advertised in September 2021 is now available. Main......
26 October, 2021
The Changing Landscape of Cookie Laws in APAC
How are Cookie laws changing in APAC? We recently covered the move away from the......
25 October, 2021
Cybersecurity Enforcement in a World Where a Ransomware Attack Led to a Baby’s Death
A US medical malpractice lawsuit (scheduled for trial in November 2022) alleges that a hospital......
14 October, 2021
CIPT Qualifications and Your Career: Where Will This Certification Take You?
With regulators increasing focusing on data security and cyber security, many tech professionals are considering......
07 October, 2021
ISO 27002 is getting updated, finally!
More than eight years since its last face-lift, ISO 27002 is under review with a......
04 October, 2021
Sanderling return to Moreton Bay
We promised to keep you updated on the adventures of our Sanderling, the shorebird we......
29 September, 2021
Balancing Data Use and Disclosure with Privacy: Issues Organisations Must Consider
Accessing data for potentially unauthorised purposes has been hitting headlines recently as various state police......
29 September, 2021
Australia’s Response to The Uber Privacy Breach: Fallout from Uber Paying Hackers to Conceal a Massive Data Breach
In July 2021, the Australian Privacy Commissioner issued a determination relating to Uber’s well publicised......
28 September, 2021
What is a Privacy Consultant?
Interested in becoming a privacy consultant? Not sure what experience is required or what you......
28 September, 2021
Practical Tips to Update SCCs at Your Organisation
The repeal of the Old SCCs is just around the corner – on 27 September......
16 September, 2021
Are cookies losing their flavour?
The world of on-line cookies is changing with regulators making their use more difficult, browsers......
10 September, 2021
Increasing cyber security requirements: the latest trend in privacy
If you follow our blog posts, you may have noticed a theme emerging over the......
25 August, 2021
China’s new Personal Information Privacy Law: Yet another piece in a complex puzzle
Another piece is added to the jigsaw of China’s privacy and security laws. The Personal......
25 August, 2021
Moreton Bay, Shorebirds and Surveillance
Privacy 108 is a Moreton Bay Foundation Ambassador and delighted sponsor of a Sanderling, one......
23 August, 2021
Australian Privacy Jobs Quarterly Report – June 2021
Privacy 108’s analysis of Australian privacy jobs advertised in June 2021 is now available. Main......
17 August, 2021
Privacy by Design: A Future-Focused Privacy Approach for Your Organisation
The constantly changing global privacy landscape may seem overwhelming. More jurisdictions are enacting increasingly robust......
06 August, 2021
Is cyber security regulation possible in Australia?
On 13 July 2021, the Australian Government through the Department of Home Affairs (DHA) opened consultation......
05 August, 2021
Mandatory notice of ransomware payments: Is it a good idea?
There is no doubt that ransomware attacks are amongst the most serious cyber threats to......
03 August, 2021
Trends in Privacy Careers: Moving to Greater Flexibility
We have been monitoring privacy careers via privacy jobs advertised in Australia for almost three......
30 July, 2021
Google’s Free Choice Screen for Android Users: Increased Consumer Choice Trend Continues
Google’s search engine has dominated the market for the better part of two decades. This......
28 July, 2021
Privacy Enhancing Technology: Demystifying Privacy Management Solutions
More organisations are looking at automated solutions to support the efficient management of their privacy......
17 July, 2021
CIPM Certification Careers: Where will the CIPM privacy qualification take you?
We’re seeing more and more Australian employers seeking privacy professionals with relevant certifications. As more......
10 July, 2021
China’s new Data Security Law (DSL): Another piece in a complex puzzle
China has released a new Data Security Law that adds to the existing web of......
08 July, 2021
New AI Regulation in the EU: A risk based approach with teeth
Artificial intelligence (AI) is transforming the world in many aspects. Many countries are considering how......
07 July, 2021
Ensuring AI supports Human Rights? Recommendations from the Australian Human Rights Commission
Concerns around bias, discrimination and unfairness dog the use of Artificial Intelligence, not without justification......
06 July, 2021
CIPP/E Update: What you need to know
From July 1, 2021 the CIPP/E body of knowledge and exam will be updated. The......
30 June, 2021
Welcome to our New Team Member
A very warm welcome to Alicia, the newest member of the Privacy 108 team! An......
30 June, 2021
Cybersecurity in the ‘Next Normal’: Minimum Standards When Working From Home
The white-collar workforce is likely to look very different long into the future. While some......
25 June, 2021
Ransomware: What can you do?
There’s little doubt that ransomware is a serious risk to businesses globally. The roll call......
21 June, 2021
Privacy Impact Assessments as a Business Tool: Make better decisions with PIAs
Privacy impact assessments are an underutilised tool that organisations can use to enhance data protection......
12 June, 2021
Concluding the Saga? The New SCCs for GDPR-Compliant Third-Party Data Transfers Have Arrived
On 4 June, the European Commission (EC) published its finalised version of the new Standard......
11 June, 2021
Reducing Privacy Risk As You Grow: Business Lessons from the Services NSW Data Breach
Last year, Services NSW suffered data breaches that exposed the personal information of more than......
28 May, 2021
Privacy funding in the 2021 Australian Federal Budget
Was privacy a winner in the 2021 Federal budget? Not really …. Unless you think......
23 May, 2021
Domain 1: The most challenging CIPP/E domain?
Domain 1 questions are the most challenging for the respondents to our on-line CIPP/E. Do......
22 May, 2021
World-First Enforcement in ACCC v Google: Here’s What You Need To Know
The ACCC has successfully argued that Google engaged in misleading and deceptive conduct in a world-first enforcement proceeding.......
22 May, 2021
Digital Privacy in Australia in 2021: 3 Lessons for Australian Businesses from Global Privacy Laws
Global privacy law is undergoing massive change. Different countries are trying to keep up with......
19 May, 2021
Make Privacy A Priority: Privacy Awareness Week in 2021
Privacy Awareness Week (PAW) takes place in the first week of May each year. This......
01 May, 2021
5 Steps to Ensure Your Privacy Policies are Effective
Our earlier article about Flight Centre’s 2017 privacy breach and OAIC investigation received quite a bit of......
22 April, 2021
Securing health information: What can we learn from the OAIC’s assessment of Healthscope?
In November 2020, the OAIC released its report into Healthscope’s security and privacy processes. According......
29 March, 2021
A Quick Guide to Safely Transferring Files – Digitally
The safety of digital files in transit was recently thrown into the spotlight by the Accellion......
25 March, 2021
A solution to the trans-Atlantic data transfer problem: Cryptoloc provides GDPR supplementary measures
Brisbane based Cryptoloc’s innovative encryption process may be the supplementary measure your business needs to......
25 March, 2021
A Privacy Glossary With Key Terms for CIPP/E (Plus a Free Quiz!)
The IAPP’s Privacy Glossary contains hundreds of essential terms today’s privacy professionals need to......
20 March, 2021
3 Business Lessons From The OAIC 2020 Highlights
The OAIC 2020 Highlights Infographic gives us plenty of information about the direction of privacy......
12 March, 2021
Australia’s first cyber security case? ASIC v RI Advice
ASIC’s action against RI Advice Group might be Australia’s first cyber security case. On 21......
11 March, 2021
Data Minimisation in Practice: A Strategic Imperative in Today’s Digital Landscape
The age-old idiom “less is more” is gaining traction in the privacy sphere. Data minimisation......
22 February, 2024
Draft UK Adequacy Decisions – Things are looking up for EU-UK data transfers
The EU Commission’s draft opinion favours recognising UK as an adequate jurisdiction for data transfers,......
22 February, 2021
What’s Up With WhatsApp’s Privacy Policy?
In January, WhatsApp users received a popup outlining that they’d need to agree to the new terms......
19 February, 2021
What You Need to Know About the History of Data Privacy for Your CIPP/E Exam
If you’re reading this, you likely already know that the CIPP/E is the IAPP’s European......
13 February, 2021
December 2020 Quarterly Report: Job Trends for Australian Privacy Professionals
Summary of Key Findings in our analysis of job trends for Australian Privacy Professionals: Sydney......
10 February, 2021
Must-Have Skills for Australian Privacy Professionals in 2021
Privacy is experiencing rapid growth around the world. With change looming following the review of the......
06 February, 2021
Privacy 108 Responds to Privacy Act Issues Paper
In November 2020, the Australian Federal Government commenced its latest review of the Privacy Act......
31 January, 2021
GDPR Cross-border Transfers: Draft SCCs and Supplementary Measures
Following the drama of the Schrems II decision, the EDPB has issued new draft SCC’s......
15 December, 2020
Free on-line GDPR Training: Our Top 5 Picks
Interested in GDPR training? We’ve found some of the best FREE on-line resources for you.......
01 December, 2020
OAIC vs ACCC: Who’s leading the fight for data protection?
What can we learn from the HealthEngine case? Is the ACCC taking over from the......
09 November, 2020
GDPR Foundations and Implementation: 2 day on-line BSI Training Course available now
Want to learn more about the GDPR and how to implement a GDPR compliant privacy......
06 November, 2020
Privacy Jobs in Australia: Signs of post-COVID recovery?
This report outlines trends from our analysis of advertised privacy jobs between December 2018 and......
22 October, 2020
OAIC Determinations 2020: What can we learn?
The OAIC has been busy, releasing eight Determinations between June and September 2020[1]. Given this......
11 October, 2020
How much for using the wrong email address?
A recent determination from the OAIC (Office of the Australian Information Commissioner) sheds a little......
24 September, 2020
What’s in a name? Developing a privacy workforce taxonomy
Our research shows little consistency in titles for advertised privacy jobs in Australia. You can......
02 September, 2020
Australia’s Cyber Security Strategy 2020: What About Privacy?
Most Australian privacy and security practitioners recognise the growing importance of data protection and the......
19 August, 2020
Privacy 108 is hiring. Apply now!
Privacy 108 Consulting is expanding. We are looking for junior and senior privacy consultants (part......
04 August, 2020
Who’s responsible? Employer liability for data breaches
Are employers responsible for their employees’ data breaches? A recent decision in the UK might......
21 July, 2020
Using Artificial Intelligence to support Privacy Management
A gap between privacy and security means it’s currently harder for organisations to implement a......
20 July, 2020
PrivacyConnect Melbourne Expert Panel – July 15 2020
OneTrust is hosting an online PrivacyConnect Melbourne event on July 15, 2020. Dr Jodie Siganto......
02 July, 2020
NZ gets a new privacy law … but has it gone far enough?
On 26 June 2020, the NZ Parliament passed a bill reforming the nation’s privacy law,......
02 July, 2020
Privacy and Australia’s COVIDSafe App
How does Australia’s COVIDSafe App stack up from a privacy perspective? Introduction For most, the......
18 June, 2020
Australian class actions for data breach: A new phenomena?
Given the uncertainty about the right to sue for breach of privacy in Australia, introduction......
25 May, 2020
Test, track and trace: privacy issues for Australian businesses
Test, track and trace is becoming the universal strategy to support a move out of......
18 May, 2020
Getting a privacy gig in Australia
There’s a buzz around privacy and privacy jobs. As privacy trainers and consultants, we are......
24 April, 2020
Do Australian Organisations take privacy seriously?
Privacy concerns outstrip investment A new survey suggests that Australian organisations’ investment in privacy risk......
16 April, 2020
Cyber vs Privacy jobs: Are we repeating the same mistakes?
Listen to SecureCIO Podcast with Dr Jodie Siganto talking about privacy jobs As a keen......
07 April, 2020
Privacy Jobs in Australia: What happened in 2019?
Australian Privacy Jobs Report This report outlines the trends from our analysis of privacy jobs......
24 March, 2020