Compliance with Australia’s Privacy Principles is non-negotiable for organisations covered by Australia’s privacy laws (APP entities). Yet organisational privacy is complex and time-consuming, and compliance considerations too often fall by the wayside as a result.
To combat this, we’ve created a list of 5 common APP compliance issues and a powerful tool that assesses and reports on your compliance.
We reviewed and summarised recent Privacy Commissioner decisions in an earlier blog post. During our review, we discovered that the top 3 APPs which attracted the most complaints were:
We also found that APP 1 investigations were Commissioner-instigated.
Based on these findings, APP entities should ensure that they do the following five things (at a minimum) to meet their obligations under the APPs:
Understanding what personal data you collect, where it comes from, and why you collect it is a critical starting point for any privacy program. You also need to know how the data is used, disclosed, and at which point it is deleted or destroyed. That is to say, you need to understand the data you collect and its lifespan within your organisation.
It’s also important that, once you understand your data inventory, you map your organisation’s data flows. Again, this is a cornerstone of organisational privacy. Your understanding of your data inventory and data flow map will help your organisation meet its privacy and compliance obligations.
Implementing a privacy management system at your organisation is essential for many reasons, including:
Furthermore, a robust privacy management system transitions your organisation away from a reactive privacy approach to a proactive approach that supports compliance and good governance.
Any time your organisation considers implementing new systems, services, or projects, your privacy team should undertake a privacy impact assessment at the earliest possible stage.
A privacy impact assessment identifies and evaluates the potential privacy impacts of new systems, services, and projects. It goes on to identify ways to manage those risks.
Organisations that habitually request a privacy impact assessment at the earliest possible stage are empowered to build privacy into the new system, service, or project. This puts the organisation in a better position to achieve win-win outcomes with privacy, instead of ‘privacy compliance’ being an expensive task that is simply checked off before launch.
Human error is the leading cause of privacy breaches in Australia (and in many places worldwide). To combat this, training and awareness are some of the most powerful tools in any APP entity’s belt when it comes to preventing privacy breaches and minimising the resulting harm.
Training should be provided during the onboarding process and at least annually thereafter. This is because the privacy and security threats your organisation faces are rapidly changing. We are continually seeing increases in the sophistication of phishing, spearphishing, and social engineering attacks on Australian organisations.
Annual training empowers your employees with the information they need about current trends in privacy and cybersecurity attacks. It also ensures that privacy and security remain top of mind as they make decisions throughout the year.
“If the Privacy Act 1988 covers your organisation, you need to understand your obligations when handling personal information.” – The OAIC
Ignorance is not an excuse under the law. If you’re unsure whether your organisation complies with the APPs, it’s time to work it out.
Privacy 108’s APP Compliance Tool was developed by Dr Jodie Siganto as a simple tool to help Australian businesses self-assess their privacy compliance.
You will receive a comprehensive report delivered to your email, with clear next steps and compliance scoring against the Australian Privacy Principles.