Privacy

Training AI With Personal Information – Important Considerations

There was a flurry of activity about the training of large language models in Europe...

26 February, 2025

5 Developments in Australian Privacy To Keep An Eye On This Year

Late last year, our team got together to discuss the privacy happenings in 2024 and...

29 January, 2025

Understanding India’s Draft Digital Personal Data Protection Act (DPDPA) Rules: Key Insights

The Digital Personal Data Protection Act, 2023 (DPDPA) – India’s new, comprehensive privacy law -...

15 January, 2025

IAPP Privacy Governance Report 2024: Key Takeaways from an Australian Perspective

In November 2024, the International Association of Privacy Professionals (IAPP) published its annual Privacy Governance...

11 January, 2025

Themes and Trends in Privacy and Security in 2024

As 2024 draws to a close, our team got together to reflect on the state...

22 December, 2024

OAIC and Facebook’s Enforceable Undertaking … Kind Of Good News??

This week, Meta (Facebook) and OAIC announced they had agreed to an enforceable undertaking (EU),...

20 December, 2024

5 Reasons You Should Offer Organisation-Wide Privacy Training

Organisation-wide privacy training should be a no-brainer: it’s in the top messages from all regulators...

19 December, 2024

Deidentification Expectations in AI: A Refined Perspective

In October 2024, the Office of the Australian Information Commissioner (OAIC) released two significant guides...

04 December, 2024

About The Bunnings Privacy Decision: CCTV and Facial Recognition Technology Are A Potent Mix

Combining CCTV with facial recognition technology is a new-ish technology that has slipped under the...

28 November, 2024

Yes, You Can Face Legal Consequences For (Mis)Using Generative AI

In 2023, Brian Hood (an Australian mayor) made headlines for what was going to be...

28 November, 2024

Where Are We With The Privacy Act Reforms? A November 2024 Update

If you’re curious about the status of the first tranche of Privacy Act reforms, here’s...

21 November, 2024

More OAIC Guidance… This Time On Pixels

The privacy issues associated with the use of cookies in Australia has arguably been unclear...

20 November, 2024

New OAIC Guidance On Privacy For Not-For-Profits

In October 2024, Australia’s OAIC released updated privacy guidance for charities and other not-for-profit organisations. This...

10 November, 2024

Is It A Privacy Violation To Send A Work Email Celebrating Someone’s Birthday?

You’ve worked there before. The company where you get cupcakes every time it’s someone’s birthday,...

04 November, 2024

I-MED’s Data Headache: Unauthorised Access & Unauthorised Disclosure Double Whammy

The last ten days of September were tough for Australia’s largest medical imaging provider, I-MED....

24 October, 2024

New Cyber Security Regulation for Australia

Draft new cyber security bills were released this month. The purpose of the new laws...

15 October, 2024

How Organisations Should Prepare For The Proposed Privacy Law Reforms

On Thursday 12 September 2024, the Privacy and Other Legislation Amendment Bill 2024 (Bill) was...

22 September, 2024

Lessons From The OAIC Data Breach Report: Jan–June 2024

The January to June 2024 Data Breach Report from the Office of the Australian Information...

18 September, 2024

Even With The Proposed Privacy Act Changes, We Are Not There Yet

After nearly five years of discussion, the much-anticipated Privacy Act changes were introduced into Parliament...

17 September, 2024

Business person sitting at a laptop computer holding an illustrated illuminated letter with multiple other letters flying into the screen (to indicate that they're being sent)

Managing Personal Information Shared By Email

Human error data breaches through email are extremely common. The convenience, familiarity, and relative informality...

12 September, 2024

AI guardrails proposed for Australia

The Australian Federal Government announced in September 2024 that it will release ten mandatory AI...

11 September, 2024

Data Hoarding: Addressing the Behavioural and Cultural Challenges of Data Minimisation

We all know about hoarders – but what about data hoarders? Is it a ‘thing’...

04 September, 2024

How Far Does The Privacy Act Employee Record Exemption Go?

Employee records of current or former private sector employees are exempt from the Australian Privacy...

22 August, 2024

Lessons From CrowdStrike’s Incident Communications

On July 19, 2024, we saw a major global IT outage caused by a faulty...

21 August, 2024

Understanding The Data Management Ecosystem

Understanding and managing your data is becoming a fundamental piece of any privacy compliance program....

08 August, 2024

Considerations For Creating Your Data Retention Strategy

The last few years have seen a shift from data being the new oil to...

07 August, 2024

Buyer Beware: Managing The Risks of Data From Data Brokers

Data brokers play a significant (and extremely personal information-intensive) role in Australia’s business ecosystem. However,...

26 July, 2024

Deep Dive: ISO 29100 – Privacy Framework

ISO 29100 Privacy Framework is a standard all privacy practitioners should be aware of. Substantially...

12 July, 2024

European Data Protection Cases You Should Know About

If you’re taking the CIPP/E or just interested in how European and EU data protection...

29 May, 2024

Paw 2024 Wrap Up: Key Lessons From Privacy Awareness Week

Australia’s Privacy Awareness Week wrapped up on 12 May, but the components of its theme,...

26 May, 2024

Data Breach Reporting Obligations in Australia: Lessons from Recent Determinations

We’ve analysed two determinations from the Australian Information Commissioner relating to data breach reporting and...

15 May, 2024

Privacy Considerations For Marketing Teams in Australia (Downloadable)

We’ve prepared this guide for personnel who engage in direct marketing activities, particularly those who...

07 May, 2024

Privacy Act Changes To Support Greater Transparency

What will the proposed changes to Australia’s Privacy Act mean for transparency? For Privacy Awareness Week...

01 May, 2024

Privacy Starts With Transparency: Privacy Awareness Week 2024

For Privacy Awareness Week 2024 (from 6-12 May 2024), organisations are being asked to 'power...

30 April, 2024

Managing Vendor Privacy Risk: A Guide to Third-Party Suppliers & Privacy [Ebook Download]

We recently published our comprehensive guide to managing vendor privacy risk in 2024. The 17-page ebook...

24 March, 2024

Data Minimisation: A Privacy Professional’s Guide to Slimming Down Your Data

You know you need to do it, but the data minimization project is overwhelming. You...

19 March, 2024

Cybersecurity Regulations in Europe: What’s Happening – & What’s Coming?

Things are changing quickly in cybersecurity regulation in Europe. Here’s a list of the existing...

30 January, 2024

Privacy Impact Assessment Triggers: When Should You Do a PIA?

Privacy Impact Assessments are a powerful and often overlooked tool. They’re a compliance requirement, in...

28 January, 2024

AI Anyone? 2023 Reflections from the Privacy Perspective

As the end of 2023 approaches (thank goodness say some!), let’s reflect on some of...

29 December, 2023

Most Common Privacy Failures at Organisations (and How to Overcome Them)

ISACA’s 2023 Privacy in Practice report included a list of the most common privacy failures...

24 December, 2023

After The Ink Dries: Monitoring Third Parties You Share Personal Information with Beyond Due Diligence

Third-party vendor management extends far beyond the initial signing of your contract. It’s an ongoing...

30 November, 2023

The Webs We Weave: Building Stronger Cross-Functional Privacy Practices

In February 2023, a hacker used an SMS phishing scheme on a HR employee in...

24 November, 2023

No legal professional privilege for Deloitte forensic report in Optus data breach litigation

Optus has lost a bid in the Australian federal court to keep secret a Deloitte...

19 November, 2023

OAIC sues ACL for security failure

In November 2023, the Office of the Australian Information Commissioner (OAIC) announced the commencement of...

16 November, 2023

Queensland’s Data Breach Notification Scheme for Government Agencies

Queensland looks to join NSW as the only other Australian state with a mandatory data...

01 November, 2023

The 2023 Updated CIPT Body of Knowledge: What Has Changed?

Privacy for technologists is a rapidly developing field. The IAPP’s CIPT Body of Knowledge has...

21 October, 2023

Data Catalogues: The Unsung Heroes of Organisational Privacy

Data catalogues provide a unified and searchable view of an organisation’s data and data sources....

13 October, 2023

Privacy Act changes … still more thinking to be done?

Changes to the Privacy Act changes have been been flagged in the Australian Government’s response...

10 October, 2023

ACCC fines Meta … two cops on the privacy beat

In July 2023, the Australian Federal Court ordered two subsidiaries of social media giant Meta...

06 October, 2023

OAIC Data Breach Report: January – June 2023

Key Findings in the OAIC’s Data Breach Report: January – June 2023 Some of the most...

28 September, 2023

RIP Passwords: Are Passkeys the Future of Account Security?

Passwords are probably the most well-known account security feature that exists today. But they’re problematic....

28 September, 2023

What To Do If a Third Party Mishandles Data Your Organisation Shared with It

Earlier this year, news broke about a third-party data breach that impacted the personal information...

27 September, 2023

Preparing for Complaints After a Privacy Breach in Australia: Legal and Business Tips

Preparing for managing customer complaints after a privacy breach is a critical step in your...

08 September, 2023

Which Privacy Certification is Right for Me?

Privacy skills are in demand. And as the demand grows and the privacy industry matures,...

04 September, 2023

It depends … some findings from Australia’s Attitude to Privacy Survey

Interested in what Australians think about privacy, use of AI and facial recognition and the...

27 August, 2023

Privacy and Security in Mobile App Development: Tips to Creating Better Apps

Following the highly-publicised ban of TikTok on government devices, Australians are starting to pay more...

18 August, 2023

Third party service providers: It’s so much more than the contract

Victoria's privacy watchdog, the Office of the Victorian Information Commissioner (OVIC), released a report into how...

11 August, 2023

5 Tips for Managing Third Party Security Risk

It’s rare for an organization to not use at least one third party – whether...

28 July, 2023

Lessons from the HWL Ebsworth Data Breach

The HWL Ebsworth data breach has sent shivers down the spine of every professional consulting...

28 July, 2023

The AFP in trouble again for its use of AI … with no privacy impact assessment

The OAIC are again investigating the Australian Federal Police over AI surveillance concerns, this time...

27 July, 2023

Australia’s AI regulation discussion paper: Late to the party again …

Regulating AI has been on the agenda globally for some time, amid growing concern over...

24 July, 2023

Finally! A new EU-US Data Transfer Framework

After three years of limbo, personal data can flow from the EU to companies in...

12 July, 2023

AI Regulation Around The World

In May, hundreds of AI experts warned that AI (if left unchecked) could pose an...

30 June, 2023

Privacy after death: Time for a re-think?

In Australia, privacy protections don't apply once you're dead. What do Kylie Minogue, John Lennon, Madge...

29 June, 2023

Tips For Developing an Effective Privacy Training Program

What do these scenarios have in common? Images of a woman sitting on a toilet...

16 June, 2023

Emerging Privacy Enhancing Technologies: A Summary of the OECD 2023 PET Report

The Organisation for Economic Co-operation and Development (OECD) published a report on privacy enhancing technologies...

12 June, 2023

Managing ChatGPT and Privacy in Australian Organisations

ChatGPT promises to revolutionise the way we write and work. In late May, Thomson Reuters...

01 June, 2023

Key Themes from Recent Spam Penalties by ACMA

Sending unsolicited emails, or spam, can not only damage your organisation’s reputation but also land...

19 May, 2023

A new OAIC or back to the future?

This month the Commonwealth Attorney-General, Mark Dreyfus, announced that a stand-alone Australian Privacy Commissioner will...

16 May, 2023

More about dark patterns …

Dark patterns is a subject close to our heart. We’ve written about them before, including: Dark...

09 May, 2023

Increased Accountability Obligations: Privacy Act Review Report Deep Dive Part 4

In February 2023, the Australian Attorney-General released its Privacy Act Review Report 2022 and we...

08 May, 2023

3 Steps to Safeguard Privacy

In the spirit of Privacy Awareness Week 2023, we are sharing 3 tips to safeguard...

07 May, 2023

Organisational Privacy Basics: Privacy Awareness Week 2023

Privacy Awareness Week 2023 runs from May 1 to May 7. To build on this...

28 April, 2023

New Australian Laws Proposed for Direct Marketing, Targeting, & Data Analytics: Privacy Act Review Report Deep Dive Part 3

We’ll continue our deep dive into Australia’s Privacy Act Review report in this article. We...

26 April, 2023

Privacy Awareness Week 2023: Back to basics

Privacy Awareness Week 2023 is May 1 to 7, 2023. This year the theme is...

25 April, 2023

Ch. Ch. Ch. Changing Definitions in Australian Privacy: Privacy Act Review Deep Dive

We’re continuing our deep dive into the Privacy Act Review Report. You can read our...

18 April, 2023

Responding to Access Requests: Practical Tips to Meet Your Privacy Obligations

Organisations covered by the Australian Privacy Act must provide access to the personal information the...

12 April, 2023

Australia’s First Major Financial Services Provider Breach: Latitude Financial Ransomware Update

Australian financial services provider, Latitude Financial, has announced that it has suffered a data breach...

27 March, 2023

Differential Privacy: Where Maths and Privacy Meet

Differential privacy is a formal mathematical definition of privacy. At its core, implementing differential privacy...

20 March, 2023

Data Management Strategy: No Longer a Nice-to-Have

The importance of organisational data is growing each year. And today, a data management strategy...

11 March, 2023

OAIC Data Breach Report: July – December 2022

Key Findings in the OAIC’s Data Breach Report: July – December 2022 The OAIC highlighted the...

03 March, 2023

Data Inventories: Best Practices & Practical Implementation Tips

An accurate and up-to-date data inventory is the basis of any privacy program. And with...

01 March, 2023

Avoiding Privacy Issues When Recruiting Staff: 10 Practical Tips

When a potential hire sends you their CV, you will likely collect their personal information....

25 February, 2023

Can You Use Google Analytics in the EU? A Guide for Australian Organisations

In January 2022, Austria became the first EU country to state that the continuous use...

10 February, 2023

Melbourne School Data Breach: Lessons for Handling Credit Card Hacks

Around 400 parents of current and former Mount Lilydale Mercy students were recently alerted to...

03 February, 2023

Privacy Do’s and Don’ts for Australian Websites

The widespread information about website requirements for organisations covered by the GDPR and California Privacy...

27 January, 2023

More on recording conversations in Australia: What is allowed?

Can you record conversations in Australia? This is the most common question we get asked...

25 January, 2023

ISO 31700: New ISO Standard for Privacy by Design

ISO is set to launch a new privacy standard in February: ISO 31700 Privacy by...

24 January, 2023

Online DNA Testing – Solving mysteries and creating new problems?

DNA testing – should we care? You may have seen The Lost King, a fascinating film...

23 January, 2023

How Do You Legally Change Your Privacy Policy?

The recent ACCC v Google LLC decision provides useful advice. Google recently defeated an action by...

20 January, 2023

Big data and de-identification: Taking a risk management approach

Big data offers huge benefits: it improves human life with new medical and health solutions...

11 January, 2023

Key Takeaways from TechCrunch’s List of Badly Handled Data Breaches in 2022

TechCrunch recently released its list of the most badly handled data breaches in 2022. Surprisingly...

10 January, 2023

Buying yourself online – an introduction to privacy issues with online DNA testing

A free online webinar on February 8th 2023 by Dr Andelka M. Phillips - Senior...

21 December, 2022

Privacy Issues for Employers Using Biometrics in the Workplace

Biometrics technologies have been developed to help employers accurately track employee attendance and hours, track...

20 December, 2022

Email Snafu – What to Do If You Send Personal Information to the Wrong Email

The OAIC’s latest reporting shows that 33% of human error data breaches in Australia are...

15 December, 2022

Privacy for Call Centres: Increase Privacy with These 5 Tips

Call centres are hotbeds for the collection – and theft and misuse - of personal...

04 December, 2022

CPRA: New privacy obligations in California to take effect from 1 January 2023

The CPRA (California Privacy Rights Act) is set to change the face of privacy in...

24 November, 2022

Worried about Data Breaches? How Privacy by Design can help

The increase in data breaches has highlighted that organisations are holding onto data, a lot...

24 November, 2022

Trans-Atlantic Data Privacy Framework: A Solution to EU/US Cross Border Data Transfer Issues

It has been some time since we covered data flows between the EU and US....

17 November, 2022

Questions Boards Should Ask About Cybersecurity

The days of board directors delegating oversight of cybersecurity to department managers are long behind...

10 November, 2022

Privacy Act Amendments: Real deterrent or window dressing?

With Optus and Medibank data breaches affecting over 10 million Australians, many have pointed to...

09 November, 2022

Biometrics in Schools and Privacy Issues: What Could Go Wrong?

Biometric technologies have been making their way into schools for years. It's not uncommon for...

28 October, 2022

California’s Sephora Enforcement Action – What Does It Mean for Australian Organisations?

While million-dollar fines are commonplace in Europe, the $1.2million settlement following the Sephora Enforcement Action...

21 October, 2022

Email Marketing Compliance Do’s & Don’ts When Buying Lists and Data Scraping

Email marketing can be exceptionally effective – but engaging in it is also rife with...

17 October, 2022

The Optus Data Breach Communications – A Case Study of What Not to Do in the Wake of a Breach

There has been a great deal of backlash in the wake of the Optus data...

05 October, 2022

Optus Data Breach: Time for change?

The Optus data breach has exposed how harmful a cyber incident can be. Many are...

05 October, 2022

Privacy by Design: How to Bake Privacy in Early

Using privacy by design to bake privacy in early is becoming a must. The benefits...

30 September, 2022

Optus data breach – Listen to Dr Jodie Siganto on ABC Radio

Dr Jodie Siganto was one of the privacy and security experts interviewed by the ABC...

27 September, 2022

Metadata access is being abused. Who would have thought?

In September 2022 the Commonwealth Ombudsman reported a major spike in surveillance involving telco metadata...

27 September, 2022

The Right to Privacy & Roe v Wade: The Little-Known Link Between Privacy Rights and Abortion Explained

Roe v Wade, the US Supreme Court case which protected the right to abortion for...

23 September, 2022

Employee Photos and Privacy: What You Need To Know

Key takeaways: Employee photos may be personal information for the purposes of the Privacy Act,...

10 April, 2021

CCTV Laws in Australia: 5 Tips for Managing CCTV Privacy Issues

Privacy has been in the headlines recently following the CHOICE investigation into the use of...

11 July, 2022

Email Marketing Laws in Australia That Direct Marketers Need to Know About

Email marketing is remarkably effective. In its 2021 Email Marketing ROI Statistics report Barilliance cites the average return-on-investment...

07 May, 2021

Australia’s AI Ethical Framework: Another paper tiger?

Like many countries Australia has an AI ethical framework. But how influential will it be...

08 July, 2021

Is a work email address covered by privacy laws?

One of the most common privacy questions is: are work email addresses considered personal information...

11 October, 2021

What does privacy compliance cost Australian small businesses?

Small businesses[1] are largely exempt from the Australian Privacy Act 1988 (Cth) and this is...

14 December, 2021

Data Breach Notifications in Australia: The basic guide to who, what, when, how, and why

The Office of the Australian Information Commissioner (OAIC) recently released its Notifiable Data Breaches Report: January...

26 October, 2021

ISO 27701 Privacy Management System: How useful is it?

ISO 27701 provides guidance on the protection of privacy, including how organizations should manage personal...

05 May, 2020

Career Roadmap for Privacy Professionals in Australia

Privacy is an exciting field that’s attracting plenty of attention in the media. It’s an...

06 March, 2021

OAIC Determinations: A slice and dice of the data

The Privacy 108 team has reviewed OAIC determinations published since 1 November 2010 and identified...

03 July, 2022

Data Mapping: How to Map Your Data for Better Privacy Management

Data mapping is one of the most critical steps in any privacy program. Maintaining a...

19 June, 2021

New security obligations for Australian Critical Infrastructure Providers: Why?

Rushed, imprecise and unlikely to be enforced? And most importantly, why? In November 2020, the Australian...

13 December, 2020

More surveillance powers for Australian law enforcement

Australian federal law enforcement agencies can now alter online data and take over on-line accounts....

09 September, 2021

Ransomware in Australia: Legal Liability, Notifications and Your Obligations

Ransomware in Australia is on the rise! As a result, regulators are paying more and...

23 March, 2022

Privacy Officers: What do they do?

Google Trends tells us there has been a slow and steady increase in interest in...

09 June, 2021

Woolworths’ New Privacy Policy: Making privacy simple?

The Woolworths Group have updated their Privacy Policy. The new policy is good but could...

06 February, 2021

IKEA France’s CEO Handed a Suspended Sentence for Spying on Employees: Could This Happen in Australia?

In June, Swedish furniture chain IKEA was ordered to pay a fine of 1 million...

14 August, 2021

Flight Centre’s Design Jam Data Breach: What can we learn?

Flight Centre, Australia’s largest travel agency suffered a data breach affecting nearly 7,000 customers, as...

16 February, 2021

The Difference Between ‘Security’ and ‘Privacy’ Jobs – And Why IT Matters

Today, there’s no such thing as the ‘ideal background’ for a privacy professional. Privacy is...

01 April, 2021

Australian Privacy Jobs Quarterly Report – Sep 2022

Privacy 108’s analysis of Australian privacy jobs advertised in September 2022 is now available. Main Findings...

17 November, 2022

Australian Privacy Jobs Quarterly Report – June 2022

Privacy 108’s analysis of Australian privacy jobs advertised in June 2022 is now available. Main Findings...

25 July, 2022

Preparing for the iapp CIPP/E Exam? Some exam prep tips

Thinking of taking the iapp CIPP/E exam but not sure how to prepare or whether...

22 October, 2020

Calling Out 3 of the Biggest Privacy Fails of 2021

Privacy Awareness Week 2022 runs from 2-8 May. To highlight this year’s theme: Privacy –...

15 April, 2022

Privacy Cases in Australia: Any Progress?

In 2019, we reported on three (3) Australian data breach class actions. Nearly 2 years...

26 May, 2020

5 Tips on Preparing for the CIPP/E exam

5 practical tips on CIPP/E exam prep for anyone thinking of taking the exam. What is...

28 October, 2021

Voice Recording Laws: Is It Legal to Record a Conversation in Australia?

Australia has a patchwork of state laws that cover listening devices and the surveillance of...

15 September, 2022

Quick Tips for Communicating About Privacy Issues Within Your Organisation

Cookies, aggregated data, dark patterns, and ransomware are just a few of thousands of privacy-related...

08 September, 2022

Banner with the Chinese flag where the red background includes data processing. There's a text overlay that says China's PIPL

Who Needs to Comply with China’s PIPL?

Organisations are getting used to the extraterritorial scope of privacy laws enacted in other countries,...

20 August, 2022

A Privacy Compliance Tool to Overcome Common Privacy Issues You Need to Avoid

Compliance with Australia’s Privacy Principles is non-negotiable for organisations covered by Australia’s privacy laws (APP...

16 August, 2022

Canada’s Digital Charter Implementation Act 2022 – And What Australia Can Learn From It

Canada appears to be looking to update and strengthen its digital privacy with the introduction...

12 August, 2022

Queensland’s Information Privacy Act review: What’s being considered?

Queensland is updating its Information Privacy and Right to Information Framework, with a consultation paper...

10 August, 2022

The American Data Privacy and Protection Act (ADPPA): What’s happening?

The American Data Privacy and Protection Act (ADPPA) is making its way through the US...

10 August, 2022

ISACA CISM Exam Update: What’s Changed

The ISACA updates the content of its curriculum and exams around every five years. The...

29 July, 2022

5 Key Questions Boards Should Ask About Cyber Incidents

The frequency of ransomware attacks is rising, as is the average cost of a privacy...

24 July, 2022

What is Australia doing about scams? The ACCC’s 3 pronged approach

The Australian Competition and Consumer Commission (ACCC) has proposed a “three-pronged approach” to ensure Australia...

22 July, 2022

Thailand Privacy Law Becomes Operational: 5 Compliance Issues

Thailand enacted its comprehensive privacy law on 28 May 2019. After giving covered organisations three...

14 July, 2022

What Privacy Professionals Need to Know About Dark Patterns Regulation

Dark patterns regulation has emerged as a focus in both the US and EU over...

30 June, 2022

Privacy Enforcement in APAC: Privacy Breach Penalties by APAC Regulators

Privacy breaches and enforcement in Europe, the US, and Australia garner much media attention in...

17 June, 2022

Australian Privacy Jobs Quarterly Report – March 2022

Privacy 108’s analysis of Australian privacy jobs advertised in March 2022 is now available. Main Findings...

07 June, 2022

How to Structure Your Privacy Team

We revealed in our December 2021 Privacy Jobs Report that larger organisations are increasingly implementing...

07 June, 2022

5 Tips for Successfully Implementing Privacy by Design

In a world where there’s no cookie cutter template to privacy, companies are hungry for...

30 May, 2022

It’s the GDPR’s 4 Year Anniversary: These are the 4 Biggest Impacts It Has Had on Global Privacy

Europe’s landmark General Data Protection Regulations (GDPR) came into effect (just over) 4 years on...

21 May, 2022

Privacy Awareness Week marketing collateral for the 2022 theme privacy the foundation of trust

Privacy: Building the Foundation of Trust

"Distrust is now society’s default emotion”. This is the no. 1 Takeaway from the 2022...

05 May, 2022

Delayed Data Breach Notification: When is it okay to delay?

Under Australian law, organisations are required to notify the Office of the Australian Information Commissioner...

22 April, 2022

Privacy Shield 2.0 is Coming – But is the new EU-US data transfer mechanism here to stay?

The Whitehouse and EU Commission announced the impending arrival of Privacy Shield 2.0 on 25...

13 April, 2022

What does it take to be a DPO?

The EU General Data Protection Regulation (GDPR) requires certain organisations to appoint a data protection...

29 March, 2022

How to Write a Better Privacy Policy: Best Practices for Privacy Policies

Australia’s Privacy Act 1988 requires APP entities to have a clear and up-to-date privacy policy...

26 March, 2022

China’s PIPL: A Guide to What’s Covered

China’s privacy law, the Personal Information Protection Law (PIPL), came into effect on November 1,...

09 March, 2022

Red Cross Data Breach Exposes Personal Information from the World’s Most Vulnerable

On January 19, the International Committee of the Red Cross (ICRC) published a press release...

18 February, 2022

Australian Privacy Professionals Survey 2021 – Results

Results from our 2021 Privacy Professional Survey are now available. Thank you to everyone who...

31 January, 2022

GDPR Fines in 2021: What can we learn?

EU privacy regulators last year levied fines totalling more than €1 billion for GDPR breaches,...

26 January, 2022

Australia’s Privacy Act Review: Another missed opportunity?

Privacy 108 has submitted its response to the Privacy Act Review Discussion Paper. You can...

25 January, 2022

Australian Privacy Jobs Quarterly Report – December 2021

Privacy 108’s analysis of Australian privacy jobs advertised in December 2021 is now available. Main Findings...

14 January, 2022

Re-introducing the Re-identification Offence Bill: The dumbest privacy idea this year?

The Privacy Act Discussion Paper, the latest stage in the comprehensive review of Australia's Privacy ...

29 December, 2021

Privacy-Enhancing Technologies as the Solution to Eroding Trust: Lessons from the World Economic Forum’s Recent Publication on Consumer (Mis)Trust.

The World Economic Forum (WEF) recently released an article about “How to overcome mistrust of...

23 December, 2021

3 Gamechanging New Year’s Privacy Resolutions for Your Business in 2022

As the new year approaches, it’s time to consider your resolutions for 2022. Business owners...

10 December, 2021

Should small businesses be exempt from the Privacy Act?

In October 2021, the Australian Attorney-General's Department issued a discussion paper seeking further submissions on...

30 November, 2021

Australian Privacy Professionals Survey 2021

In 2019 we ran our first Australian Privacy Professionals Survey. Time has flown and the privacy...

26 November, 2021

Privacy as a Competitive Advantage for Australian Businesses: Why should companies care about data privacy?

While not as well-publicised as greenwashing, consumers and regulators are becoming more aware of the...

26 November, 2021

Getting Started in Privacy: Privacy career skills employers want to see on your CV

Working out how to get hired in a field that is relatively new and constantly...

15 November, 2021

Australian Privacy Jobs Quarterly Report – September 2021

Privacy 108’s analysis of Australian privacy jobs advertised in September 2021 is now available. Main Findings...

26 October, 2021

The Changing Landscape of Cookie Laws in APAC

How are Cookie laws changing in APAC? We recently covered the move away from the use...

25 October, 2021

Australia’s Response to The Uber Privacy Breach: Fallout from Uber Paying Hackers to Conceal a Massive Data Breach

In July 2021, the Australian Privacy Commissioner issued a determination relating to Uber’s well publicised...

28 September, 2021

What is a Privacy Consultant?

Interested in becoming a privacy consultant? Not sure what experience is required or what you...

28 September, 2021

Increasing cyber security requirements: the latest trend in privacy

If you follow our blog posts, you may have noticed a theme emerging over the...

25 August, 2021

China’s new Personal Information Privacy Law: Yet another piece in a complex puzzle

Another piece is added to the jigsaw of China’s privacy and security laws. The Personal...

25 August, 2021

Australian Privacy Jobs Quarterly Report – June 2021

Privacy 108’s analysis of Australian privacy jobs advertised in June 2021 is now available. Main Findings...

17 August, 2021

Privacy by Design: A Future-Focused Privacy Approach for Your Organisation

The constantly changing global privacy landscape may seem overwhelming. More jurisdictions are enacting increasingly robust...

06 August, 2021

Privacy Enhancing Technology: Demystifying Privacy Management Solutions

More organisations are looking at automated solutions to support the efficient management of their privacy...

17 July, 2021

CIPM Certification Careers: Where will the CIPM privacy qualification take you?

We’re seeing more and more Australian employers seeking privacy professionals with relevant certifications. As more...

10 July, 2021

China’s new Data Security Law (DSL): Another piece in a complex puzzle

China has released a new Data Security Law that adds to the existing web of...

08 July, 2021

New AI Regulation in the EU: A risk based approach with teeth

Artificial intelligence (AI) is transforming the world in many aspects. Many countries are considering how...

07 July, 2021

CIPP/E Update: What you need to know

From July 1, 2021 the CIPP/E body of knowledge and exam will be updated. The changes...

30 June, 2021

Privacy Impact Assessments as a Business Tool: Make better decisions with PIAs

Privacy impact assessments are an underutilised tool that organisations can use to enhance data protection...

12 June, 2021

Concluding the Saga? The New SCCs for GDPR-Compliant Third-Party Data Transfers Have Arrived

On 4 June, the European Commission (EC) published its finalised version of the new Standard...

11 June, 2021

Reducing Privacy Risk As You Grow: Business Lessons from the Services NSW Data Breach

Last year, Services NSW suffered data breaches that exposed the personal information of more than...

28 May, 2021

Privacy funding in the 2021 Australian Federal Budget

Was privacy a winner in the 2021 Federal budget? Not really …. Unless you think...

23 May, 2021

Domain 1: The most challenging CIPP/E domain?

Domain 1 questions are the most challenging for the respondents to our on-line CIPP/E. Do you...

22 May, 2021

World-First Enforcement in ACCC v Google: Here’s What You Need To Know

The ACCC has successfully argued that Google engaged in misleading and deceptive conduct in a world-first enforcement proceeding....

22 May, 2021

Digital Privacy in Australia in 2021: 3 Lessons for Australian Businesses from Global Privacy Laws

Global privacy law is undergoing massive change. Different countries are trying to keep up with...

19 May, 2021

Make Privacy A Priority: Privacy Awareness Week in 2021

Privacy Awareness Week (PAW) takes place in the first week of May each year. This...

01 May, 2021

5 Steps to Ensure Your Privacy Policies are Effective

Our earlier article about Flight Centre’s 2017 privacy breach and OAIC investigation received quite a bit of...

22 April, 2021

Securing health information: What can we learn from the OAIC’s assessment of Healthscope?

In November 2020, the OAIC released its report into Healthscope’s security and privacy processes. According...

29 March, 2021

A Quick Guide to Safely Transferring Files – Digitally

The safety of digital files in transit was recently thrown into the spotlight by the Accellion...

25 March, 2021

A solution to the trans-Atlantic data transfer problem: Cryptoloc provides GDPR supplementary measures

Brisbane based Cryptoloc's innovative encryption process may be the supplementary measure your business needs to...

25 March, 2021

A Privacy Glossary With Key Terms for CIPP/E (Plus a Free Quiz!)

The IAPP's Privacy Glossary contains hundreds of essential terms today's privacy professionals need to know. It's constantly changing and, for those new to the profession, might seem overwhelming. We've created this CIPP/E-specific privacy glossary to help you learn and memorise the key terms for your CIPP/E exam (focusing on EU GDPR specific terms). To solidify your learning, we've included a free quiz with many of the key terms so you can test yourself, plus some other great resources.

20 March, 2021

Security

Training

Privacy People

Privacy

Security

Training

Privacy People