Some Lessons from OAIC v Serco
The OAIC’s determination in a recent case involving Serco and the systems it used in...
11 April, 2024
Data Minimisation: A Privacy Professional’s Guide to Slimming Down Your Data
You know you need to do it, but the data minimization project is overwhelming. You...
19 March, 2024
Most Common Privacy Failures at Organisations (and How to Overcome Them)
ISACA’s 2023 Privacy in Practice report included a list of the most common privacy failures...
24 December, 2023
After The Ink Dries: Monitoring Third Parties You Share Personal Information with Beyond Due Diligence
Third-party vendor management extends far beyond the initial signing of your contract. It’s an ongoing...
30 November, 2023
The Webs We Weave: Building Stronger Cross-Functional Privacy Practices
In February 2023, a hacker used an SMS phishing scheme on a HR employee in...
24 November, 2023
No legal professional privilege for Deloitte forensic report in Optus data breach litigation
Optus has lost a bid in the Australian federal court to keep secret a Deloitte...
19 November, 2023
OAIC sues ACL for security failure
In November 2023, the Office of the Australian Information Commissioner (OAIC) announced the commencement of...
16 November, 2023
Data Tagging: Best Practices, Security & Implementation Tips
Data tagging helps businesses enhance data security, improve data governance, and better manage data and...
14 November, 2023
Data Catalogues: The Unsung Heroes of Organisational Privacy
Data catalogues provide a unified and searchable view of an organisation’s data and data sources....
13 October, 2023
Privacy Act changes … still more thinking to be done?
Changes to the Privacy Act changes have been been flagged in the Australian Government’s response...
10 October, 2023
ACCC fines Meta … two cops on the privacy beat
In July 2023, the Australian Federal Court ordered two subsidiaries of social media giant Meta...
06 October, 2023
Preparing for Complaints After a Privacy Breach in Australia: Legal and Business Tips
Preparing for managing customer complaints after a privacy breach is a critical step in your...
08 September, 2023
It depends … some findings from Australia’s Attitude to Privacy Survey
Interested in what Australians think about privacy, use of AI and facial recognition and the...
27 August, 2023
Third party service providers: It’s so much more than the contract
Victoria's privacy watchdog, the Office of the Victorian Information Commissioner (OVIC), released a report into how...
11 August, 2023
Key Themes from Recent Spam Penalties by ACMA
Sending unsolicited emails, or spam, can not only damage your organisation’s reputation but also land...
19 May, 2023
A new OAIC or back to the future?
This month the Commonwealth Attorney-General, Mark Dreyfus, announced that a stand-alone Australian Privacy Commissioner will...
16 May, 2023
Increased Accountability Obligations: Privacy Act Review Report Deep Dive Part 4
In February 2023, the Australian Attorney-General released its Privacy Act Review Report 2022 and we...
08 May, 2023
Privacy Awareness Week 2023: Back to basics
Privacy Awareness Week 2023 is May 1 to 7, 2023. This year the theme is...
25 April, 2023
Data Inventories: Best Practices & Practical Implementation Tips
An accurate and up-to-date data inventory is the basis of any privacy program. And with...
01 March, 2023
More on recording conversations in Australia: What is allowed?
Can you record conversations in Australia? This is the most common question we get asked...
25 January, 2023
ISO 31700: New ISO Standard for Privacy by Design
ISO is set to launch a new privacy standard in February: ISO 31700 Privacy by...
24 January, 2023
Online DNA Testing – Solving mysteries and creating new problems?
DNA testing – should we care? You may have seen The Lost King, a fascinating film...
23 January, 2023
How Do You Legally Change Your Privacy Policy?
The recent ACCC v Google LLC decision provides useful advice. Google recently defeated an action by...
20 January, 2023
Big data and de-identification: Taking a risk management approach
Big data offers huge benefits: it improves human life with new medical and health solutions...
11 January, 2023
Privacy for Call Centres: Increase Privacy with These 5 Tips
Call centres are hotbeds for the collection – and theft and misuse - of personal...
04 December, 2022
CPRA: New privacy obligations in California to take effect from 1 January 2023
The CPRA (California Privacy Rights Act) is set to change the face of privacy in...
24 November, 2022
Worried about Data Breaches? How Privacy by Design can help
The increase in data breaches has highlighted that organisations are holding onto data, a lot...
24 November, 2022
Privacy Act Amendments: Real deterrent or window dressing?
With Optus and Medibank data breaches affecting over 10 million Australians, many have pointed to...
09 November, 2022
Privacy by Design: How to Bake Privacy in Early
Using privacy by design to bake privacy in early is becoming a must. The benefits...
30 September, 2022
Metadata access is being abused. Who would have thought?
In September 2022 the Commonwealth Ombudsman reported a major spike in surveillance involving telco metadata...
27 September, 2022
Employee Photos and Privacy: What You Need To Know
Key takeaways: Employee photos may be personal information for the purposes of the Privacy Act,...
10 April, 2021
CCTV Laws in Australia: 5 Tips for Managing CCTV Privacy Issues
Privacy has been in the headlines recently following the CHOICE investigation into the use of...
11 July, 2022
Email Marketing Laws in Australia That Direct Marketers Need to Know About
Email marketing is remarkably effective. In its 2021 Email Marketing ROI Statistics report Barilliance cites the average return-on-investment...
07 May, 2021
Is a work email address covered by privacy laws?
One of the most common privacy questions is: are work email addresses considered personal information...
11 October, 2021
Privacy engineering (and engineers) are hot!
Privacy engineering has emerged as a vital function for almost every business. Privacy engineers can...
12 May, 2022
ISO 27701 Privacy Management System: How useful is it?
ISO 27701 provides guidance on the protection of privacy, including how organizations should manage personal...
05 May, 2020
Career Roadmap for Privacy Professionals in Australia
Privacy is an exciting field that’s attracting plenty of attention in the media. It’s an...
06 March, 2021
Data Mapping: How to Map Your Data for Better Privacy Management
Data mapping is one of the most critical steps in any privacy program. Maintaining a...
19 June, 2021
How Much Does a Privacy Breach Cost in Australia?
Phenomenally high penalties pertaining to privacy breaches are now routinely found in news headlines. In...
16 March, 2022
Privacy Officers: What do they do?
Google Trends tells us there has been a slow and steady increase in interest in...
09 June, 2021
Woolworths’ New Privacy Policy: Making privacy simple?
The Woolworths Group have updated their Privacy Policy. The new policy is good but could...
06 February, 2021
Flight Centre’s Design Jam Data Breach: What can we learn?
Flight Centre, Australia’s largest travel agency suffered a data breach affecting nearly 7,000 customers, as...
16 February, 2021
The Difference Between ‘Security’ and ‘Privacy’ Jobs – And Why IT Matters
Today, there’s no such thing as the ‘ideal background’ for a privacy professional. Privacy is...
01 April, 2021
Australian Privacy Jobs Quarterly Report – Sep 2022
Privacy 108’s analysis of Australian privacy jobs advertised in September 2022 is now available. Main Findings...
17 November, 2022
Australian Privacy Jobs Quarterly Report – June 2022
Privacy 108’s analysis of Australian privacy jobs advertised in June 2022 is now available. Main Findings...
25 July, 2022
Preparing for the iapp CIPP/E Exam? Some exam prep tips
Thinking of taking the iapp CIPP/E exam but not sure how to prepare or whether...
22 October, 2020
Privacy Cases in Australia: Any Progress?
In 2019, we reported on three (3) Australian data breach class actions. Nearly 2 years...
26 May, 2020
Quick Tips for Communicating About Privacy Issues Within Your Organisation
Cookies, aggregated data, dark patterns, and ransomware are just a few of thousands of privacy-related...
08 September, 2022
Queensland’s Information Privacy Act review: What’s being considered?
Queensland is updating its Information Privacy and Right to Information Framework, with a consultation paper...
10 August, 2022
5 Key Questions Boards Should Ask About Cyber Incidents
The frequency of ransomware attacks is rising, as is the average cost of a privacy...
24 July, 2022
Australian Privacy Jobs Quarterly Report – March 2022
Privacy 108’s analysis of Australian privacy jobs advertised in March 2022 is now available. Main Findings...
07 June, 2022
How to Structure Your Privacy Team
We revealed in our December 2021 Privacy Jobs Report that larger organisations are increasingly implementing...
07 June, 2022
5 Tips for Successfully Implementing Privacy by Design
In a world where there’s no cookie cutter template to privacy, companies are hungry for...
30 May, 2022
Delayed Data Breach Notification: When is it okay to delay?
Under Australian law, organisations are required to notify the Office of the Australian Information Commissioner...
22 April, 2022
Privacy Shield 2.0 is Coming – But is the new EU-US data transfer mechanism here to stay?
The Whitehouse and EU Commission announced the impending arrival of Privacy Shield 2.0 on 25...
13 April, 2022
What does it take to be a DPO?
The EU General Data Protection Regulation (GDPR) requires certain organisations to appoint a data protection...
29 March, 2022
How to Write a Better Privacy Policy: Best Practices for Privacy Policies
Australia’s Privacy Act 1988 requires APP entities to have a clear and up-to-date privacy policy...
26 March, 2022
Privacy Program FAQs for Privacy Professionals
As customers become more alert to privacy issues, organisational privacy programs must achieve customer trust...
11 February, 2022
Australian Privacy Jobs Quarterly Report – December 2021
Privacy 108’s analysis of Australian privacy jobs advertised in December 2021 is now available. Main Findings...
14 January, 2022
3 Gamechanging New Year’s Privacy Resolutions for Your Business in 2022
As the new year approaches, it’s time to consider your resolutions for 2022. Business owners...
10 December, 2021
Australian Privacy Jobs Quarterly Report – September 2021
Privacy 108’s analysis of Australian privacy jobs advertised in September 2021 is now available. Main Findings...
26 October, 2021
The Changing Landscape of Cookie Laws in APAC
How are Cookie laws changing in APAC? We recently covered the move away from the use...
25 October, 2021
What is a Privacy Consultant?
Interested in becoming a privacy consultant? Not sure what experience is required or what you...
28 September, 2021
Australian Privacy Jobs Quarterly Report – June 2021
Privacy 108’s analysis of Australian privacy jobs advertised in June 2021 is now available. Main Findings...
17 August, 2021
Privacy by Design: A Future-Focused Privacy Approach for Your Organisation
The constantly changing global privacy landscape may seem overwhelming. More jurisdictions are enacting increasingly robust...
06 August, 2021
Privacy Enhancing Technology: Demystifying Privacy Management Solutions
More organisations are looking at automated solutions to support the efficient management of their privacy...
17 July, 2021
Welcome to our New Team Member
A very warm welcome to Alicia, the newest member of the Privacy 108 team! An incredible...
30 June, 2021
Cybersecurity in the ‘Next Normal’: Minimum Standards When Working From Home
The white-collar workforce is likely to look very different long into the future. While some...
25 June, 2021
Privacy Impact Assessments as a Business Tool: Make better decisions with PIAs
Privacy impact assessments are an underutilised tool that organisations can use to enhance data protection...
12 June, 2021
Concluding the Saga? The New SCCs for GDPR-Compliant Third-Party Data Transfers Have Arrived
On 4 June, the European Commission (EC) published its finalised version of the new Standard...
11 June, 2021
Reducing Privacy Risk As You Grow: Business Lessons from the Services NSW Data Breach
Last year, Services NSW suffered data breaches that exposed the personal information of more than...
28 May, 2021
Privacy funding in the 2021 Australian Federal Budget
Was privacy a winner in the 2021 Federal budget? Not really …. Unless you think...
23 May, 2021
World-First Enforcement in ACCC v Google: Here’s What You Need To Know
The ACCC has successfully argued that Google engaged in misleading and deceptive conduct in a world-first enforcement proceeding....
22 May, 2021
Digital Privacy in Australia in 2021: 3 Lessons for Australian Businesses from Global Privacy Laws
Global privacy law is undergoing massive change. Different countries are trying to keep up with...
19 May, 2021
Make Privacy A Priority: Privacy Awareness Week in 2021
Privacy Awareness Week (PAW) takes place in the first week of May each year. This...
01 May, 2021
5 Steps to Ensure Your Privacy Policies are Effective
Our earlier article about Flight Centre’s 2017 privacy breach and OAIC investigation received quite a bit of...
22 April, 2021
Securing health information: What can we learn from the OAIC’s assessment of Healthscope?
In November 2020, the OAIC released its report into Healthscope’s security and privacy processes. According...
29 March, 2021
A Quick Guide to Safely Transferring Files – Digitally
The safety of digital files in transit was recently thrown into the spotlight by the Accellion...
25 March, 2021
A solution to the trans-Atlantic data transfer problem: Cryptoloc provides GDPR supplementary measures
Brisbane based Cryptoloc's innovative encryption process may be the supplementary measure your business needs to...
25 March, 2021
3 Business Lessons From The OAIC 2020 Highlights
The OAIC 2020 Highlights Infographic gives us plenty of information about the direction of privacy...
12 March, 2021
Australia’s first cyber security case? ASIC v RI Advice
ASIC's action against RI Advice Group might be Australia's first cyber security case. On 21 August...
11 March, 2021
Data Minimisation in Practice: A Strategic Imperative in Today’s Digital Landscape
The age-old idiom “less is more” is gaining traction in the privacy sphere. Data minimisation...
22 February, 2024
Draft UK Adequacy Decisions – Things are looking up for EU-UK data transfers
The EU Commission’s draft opinion favours recognising UK as an adequate jurisdiction for data transfers,...
22 February, 2021
What’s Up With WhatsApp’s Privacy Policy?
In January, WhatsApp users received a popup outlining that they’d need to agree to the new terms...
19 February, 2021
December 2020 Quarterly Report: Job Trends for Australian Privacy Professionals
Summary of Key Findings in our analysis of job trends for Australian Privacy Professionals: Sydney...
10 February, 2021
Must-Have Skills for Australian Privacy Professionals in 2021
Privacy is experiencing rapid growth around the world. With change looming following the review of the...
06 February, 2021
Privacy 108 Responds to Privacy Act Issues Paper
In November 2020, the Australian Federal Government commenced its latest review of the Privacy Act...
31 January, 2021
GDPR Cross-border Transfers: Draft SCCs and Supplementary Measures
Following the drama of the Schrems II decision, the EDPB has issued new draft SCC’s...
15 December, 2020
Free on-line GDPR Training: Our Top 5 Picks
Interested in GDPR training? We’ve found some of the best FREE on-line resources for you. Selecting...
01 December, 2020
OAIC vs ACCC: Who’s leading the fight for data protection?
What can we learn from the HealthEngine case? Is the ACCC taking over from the...
09 November, 2020
Privacy Jobs in Australia: Signs of post-COVID recovery?
This report outlines trends from our analysis of advertised privacy jobs between December 2018 and...
22 October, 2020
OAIC Determinations 2020: What can we learn?
The OAIC has been busy, releasing eight Determinations between June and September 2020[1]. Given this...
11 October, 2020
How much for using the wrong email address?
A recent determination from the OAIC (Office of the Australian Information Commissioner) sheds a little...
24 September, 2020
What’s in a name? Developing a privacy workforce taxonomy
Our research shows little consistency in titles for advertised privacy jobs in Australia. You can...
02 September, 2020
Australia’s Cyber Security Strategy 2020: What About Privacy?
Most Australian privacy and security practitioners recognise the growing importance of data protection and the...
19 August, 2020
Privacy 108 is hiring. Apply now!
Privacy 108 Consulting is expanding. We are looking for junior and senior privacy consultants (part...
04 August, 2020
Who’s responsible? Employer liability for data breaches
Are employers responsible for their employees' data breaches? A recent decision in the UK might allay...
21 July, 2020
Using Artificial Intelligence to support Privacy Management
A gap between privacy and security means it’s currently harder for organisations to implement a...
20 July, 2020
PrivacyConnect Melbourne Expert Panel – July 15 2020
OneTrust is hosting an online PrivacyConnect Melbourne event on July 15, 2020. Dr Jodie Siganto is...
02 July, 2020
Privacy and Australia’s COVIDSafe App
How does Australia’s COVIDSafe App stack up from a privacy perspective? Introduction For most, the exit strategy...
18 June, 2020
Australian class actions for data breach: A new phenomena?
Given the uncertainty about the right to sue for breach of privacy in Australia, introduction...
25 May, 2020
Test, track and trace: privacy issues for Australian businesses
Test, track and trace is becoming the universal strategy to support a move out of...
18 May, 2020
Getting a privacy gig in Australia
There’s a buzz around privacy and privacy jobs. As privacy trainers and consultants, we are...
24 April, 2020
Do Australian Organisations take privacy seriously?
Privacy concerns outstrip investment A new survey suggests that Australian organisations’ investment in privacy risk and...
16 April, 2020
Cyber vs Privacy jobs: Are we repeating the same mistakes?
Listen to SecureCIO Podcast with Dr Jodie Siganto talking about privacy jobs As a keen observer...
07 April, 2020
Privacy Jobs in Australia: What happened in 2019?
Australian Privacy Jobs Report This report outlines the trends from our analysis of privacy jobs advertised...
24 March, 2020