AISA Position Statement: Mandatory Data Breach Notification in Australia


Overview

Although AISA members are broadly in support of mandatory data breach notification in Australia they have a number of concerns relating to the proposal as well as the provisions of the Privacy Act Amendment (Privacy Alerts) Bill 2013:

- Members generally would have preferred a notification trigger lower than "real risk of serious harm" and supported notification of any breach resulting from a security failure.
- More detailed guidance on what "real risk of serious harm" might mean, including examples, would be appreciated.
- In any case, members supported a review of the operation of the trigger after 24 months to assess its appropriateness.
- Members would also have preferred a direct penalty regime for failure to notify in accordance with the provisions.
- There are concerns regarding the ability of those small and medium organisations covered by the Privacy Act 1988 (Cth) to comply with the breach notification provisions.

In regard to the proposed legislation, AISA is interested in why the notice requirement does not include reference to an interference which would ensure consistency between the notification requirement and the terms of APP11.1.

AISA would support the publication by the OAIC of details of reported data breaches to assist in our understanding of the causes, size and extent of privacy breaches in Australia.

Detailed Position:

AISA has been involved in the debate on the introduction of a mandatory data breach notification (MDBN) requirement in Australia for a number of years.

AISA Data Breach Notification Position Paper Page 1

Attitudes to MDBN were first tested as part of a 2011 AISA member survey directed at providing high quality information into the Government's cyber security white paper development process. Membership attitudes were tested again in 2012 via a survey which sought responses to a number of questions broadly similar to those raised in the Commonwealth of Australia Attorney-General's Department Discussion Paper Australian Privacy Breach Notification [1] October 2012 (the Privacy Breach Notification Discussion Paper). Survey results included the following:

- Only 8% of respondents reported that appropriate stakeholders were almost always informed of security breaches.
- A large majority of respondents had experienced inadequate reporting of security incidents.
- 72% agreed that Australia needs wider data protection laws (to protect data other than personal data). [2]

AISA subsequently made a submission in response to the Privacy Breach Notification Discussion Paper based on these survey results (which included responses from 285 members) and feedback from on-line discussions and direct contact from members, which included the following:

Support for introduction of MDBN Law: An overwhelming majority of AISA members support the introduction of a data breach notification law. Although AISA recognises that data breach notification does not provide a holistic regulatory response to information security issues, it believes that its introduction will result in the increased awareness of information security failures resulting in data breaches. This will not only raise public awareness but will provide reliable information on data breaches for Government, including the extent, types and causes of breach. As well, it is hoped that, as has been reported in other jurisdictions, data breach legislation will increase management's attention to information security risks, which can result in increased focus on the deployment of appropriate controls. [3]

[1] < er.pdf>
[2] A copy of the November 2012 survey report can be made available on request to
[3] See, for example, the State of SMB Cyber Security Readiness: UK Study Prepared by Ponemon Institute, November 2012 which shows that achieving compliance is the main driver for cyber security among the small to medium UK businesses the subject of the survey. Faronics FINAL 1.pdf

There were concerns from some members around additional costs and compliance burden; however, it was expected that this would be considered as part of the design of the regulation.

Trigger for notification: "Real risk of serious harm" is the notification trigger that has been adopted in the Privacy Act Amendment (Privacy Alerts) Bill 2013 (Cth) (the Privacy Alerts Bill). The AISA member view was that a lower trigger for notification should be introduced and that any trigger should specifically incorporate the concept of notification when a breach of data security has occurred. AISA confirms its opinion that the notification trigger is too high. As well, AISA members strongly support the issuance by the Office of the Australian Information Commissioner (OAIC) of appropriate and more detailed guidance as to the meaning of the term "real risk of serious harm". It was the members' view that there should be a review of any trigger after 24 months of operation to assess its efficacy, in terms of the objectives of the data breach notification law. Given the selection of "real risk of serious harm" as the notification trigger in the Privacy Alerts Bill, AISA would re-iterate the benefits of a review of the operation of the legislation. AISA in particular would be keen to engage with the OAIC or Attorney-General's Department in carrying out such a review.

Penalties or sanctions for failure to notify: The survey results supported that in the view of AISA members any penalties should be more than nominal and should be relative to the severity of the breach (in terms of the type of information compromised or the likely harm). Although we note that serious and repeated offences may lead to the application of penalties, it would still be AISA's view that penalties should apply in any case where there is a failure to report a data breach where there is a real risk of serious harm. Also, the penalty should discourage organisations from electing to pay a fine rather than protecting the data to prevent subsequent breaches.

Inclusion of MDBN in Privacy Act: Although members did not necessarily oppose the inclusion of MDBN law in the Privacy Act 1988 (Cth), members were concerned about the application of those provisions to SMEs. Members were of the view that consideration should be given to the issues and challenges of compliance by SMEs (to the extent that they are covered by the Act).

Response to Privacy Act Amendment (Privacy Alerts) Bill 2013 (Cth)

In regard to specific provisions of the Privacy Alerts Bill, in addition to the point already noted above, AISA is of the view that information on both the details of reported data breaches (including the source of the breach, the industry sector and number of individuals affected) plus individual case details should be made public. The OAIC should be obliged to publish or require the publication of both case details and statistics in an efficient, searchable public online register, online permanently.

General Discussion

PMC Cyber Security 2011 Submissions

In addition to responding to the questions raised specifically in the Data Breach Notification Discussion Paper, AISA would also like to re-iterate a number of submissions included in the AISA response to the PMC Cyber Security discussion paper, which have some relevance to the issue of data breach notification. In particular, we confirm the strong view of a number of AISA members that data breach notification by itself will not solve all the problems of inadequate information security that have already been referred to.

The submissions made in response to the PMC Cyber Security discussion paper (which were based on the responses to the AISA Survey 2011) included the following:

Regulation of Information Security Practices: Legislation should address the adequate protection of all information, extending beyond the protection of personal information. Any information should be protected if that information could lead to a gain by deception (fraud), or loss/impact to the others.

Support of Standards Development: The Government should provide additional resources for Standards Australia to participate in international efforts to develop better information security standards. Support of other de facto standards bodies should also be considered.

The ICT Industry lacks adequate information security Skills: Security is often misunderstood by business, and is frequently left to technologists to deploy tactical solutions. Moreover, the security speciality is seen as a separate skillset and the majority of the ICT workforce doesn't know enough about incorporating security into ICT life cycles, roles and responsibilities and linking business objectives to ICT operations. Security should be an integral part of all information systems procurement, design and development and not perceived purely as a separate discipline. This is unlikely to happen until security is a part of the training for all ICT professionals, and endorsed by business management. The Government should require all Universities and colleges to include and integrate security principles and skills in their IT courses; both within existing modules and as standalone electives.

AISA

The Australian Information Security Association (AISA) is an Australian representative industry body for the information security profession. Formed in 1999, AISA is focused on individual professional membership with a current membership of 1700 security specialists. AISA aims to foster and promote the development of information security professionals and the security of the ICT industry. Our broad membership base consists of information security professionals from all industries including education, finance, government, healthcare, manufacturing, mining, oil and gas, transportation, and utilities. Our members range from company directors and managers, lawyers, risk professionals, architects, highly skilled technical security specialists, professors and researchers.

On behalf of the Policy Committee
Benn Dullard
National Director
Australian Information Security Association

Contacts and Further Information
Gary Gaskell, AISA Policy Committee Chair, Phone
Benn Dullard, AISA National Director, Ph


More information

International money transfers public interest determination applications. Consultation paper

International money transfers public interest determination applications. Consultation paper International money transfers public interest determination applications Consultation paper Closing date for comment 4 August 2014 Purpose of consultation paper The Office of the Australian Information

More information

Privacy and the Internet AUSTRALIAN ATTITUDES TOWARDS PRIVACY IN THE ONLINE ENVIRONMENT

Privacy and the Internet AUSTRALIAN ATTITUDES TOWARDS PRIVACY IN THE ONLINE ENVIRONMENT APRIL MAY 2011 2012 ISSUE ISBN 40 978-1-922017-02-4 ISBN XXX-X-XX-XXXXXX-X Privacy and the Internet AUSTRALIAN ATTITUDES TOWARDS PRIVACY IN THE ONLINE ENVIRONMENT Key Findings 85% of online Australians

More information

Privacy Update for Australian Government Agencies. What we've seen in the first 12 months of the new APPs and what's next!

Privacy Update for Australian Government Agencies. What we've seen in the first 12 months of the new APPs and what's next! Privacy Update for Australian Government Agencies What we've seen in the first 12 months of the new APPs and what's next! Presented by Sharon Rowe and Alec Christie Canberra, 31 March 2015 What we are

More information

Guidance on data security breach management

Guidance on data security breach management ICO lo Guidance on data security breach management Data Protection Act Contents... 1 Data Protection Act... 1 Overview... 1 Containment and recovery... 2 Assessing the risks... 3 Notification of breaches...

More information

Speech Pathology Australia. Options for regulation of unregistered health practitioners

Speech Pathology Australia. Options for regulation of unregistered health practitioners Speech Pathology Australia Response to: Consultation paper: Options for regulation of unregistered health practitioners (February 2011) Australian Health Ministers Advisory Council Response date: Response

More information

Review of the Tasmanian Building Regulatory Framework. Response from the Board of Architects of Tasmania

Review of the Tasmanian Building Regulatory Framework. Response from the Board of Architects of Tasmania Review of the Tasmanian Building Regulatory Framework Response from the September 2014 1. Introduction The Board of Architects commends the Department of Justice for reviewing this industry framework which

More information

NATIONAL COMPLIANCE AND ENFORCEMENT POLICY

NATIONAL COMPLIANCE AND ENFORCEMENT POLICY 1. Introduction NATIONAL COMPLIANCE AND ENFORCEMENT POLICY The Commonwealth, state and territory governments have agreed to harmonised work health and safety laws to improve work health and safety, provide

More information

Risk management systems of responsible entities: Further proposals

Risk management systems of responsible entities: Further proposals CONSULTATION PAPER 263 Risk management systems of responsible entities: Further proposals July 2016 About this paper This paper sets out our proposals to provide guidance to responsible entities on our

More information

Standard 1. Governance for Safety and Quality in Health Service Organisations. Safety and Quality Improvement Guide

Standard 1. Governance for Safety and Quality in Health Service Organisations. Safety and Quality Improvement Guide Standard 1 Governance for Safety and Quality in Health Service Organisations Safety and Quality Improvement Guide 1 1 1October 1 2012 ISBN: Print: 978-1-921983-27-6 Electronic: 978-1-921983-28-3 Suggested

More information

INVESTIGATION REPORT 173-2015

INVESTIGATION REPORT 173-2015 Saskatchewan Government Insurance November 12, 2015 Summary: Saskatchewan Government Insurance (SGI) proactively reported to the Office of the Information and Privacy Commissioner (OIPC) that it had received

More information

PRIVACY AND CREDIT REPORTING POLICY

PRIVACY AND CREDIT REPORTING POLICY R.A.C.V. Finance Limited PRIVACY AND CREDIT REPORTING POLICY Page 1 Contents 1. Introduction to RACV Finance Privacy and Credit Reporting Policy (the Policy ). 3 2. The Legislative Framework... 3 3. Types

More information

Westpac Business Debit MasterCard Application

Westpac Business Debit MasterCard Application Westpac Business Debit MasterCard Application Westpac Banking Corporation ABN 33 007 457 141 AFSL and Australian credit licence 233714 In order to apply for a Westpac Business Debit MasterCard, the following

More information

Submission in Response to the Personally Controlled Electronic Health Record System: Legislation Issues Paper

Submission in Response to the Personally Controlled Electronic Health Record System: Legislation Issues Paper Submission in Response to the Personally Controlled Electronic Health Record System: Legislation Issues Paper August 2011 About National Seniors Australia With a quarter of a million individual members

More information

Chapter 7: Australian Privacy Principle 7 Direct marketing

Chapter 7: Australian Privacy Principle 7 Direct marketing Chapter 7: APP 7 Direct marketing Version 1.0, February 2014 Chapter 7: Australian Privacy Principle 7 Direct marketing Version 1.0, February 2014 Key points... 2 What does APP 7 say?... 2 Direct marketing...

More information

Using AWS in the context of Australian Privacy Considerations October 2015

Using AWS in the context of Australian Privacy Considerations October 2015 Using AWS in the context of Australian Privacy Considerations October 2015 (Please consult https://aws.amazon.com/compliance/aws-whitepapers/for the latest version of this paper) Page 1 of 13 Overview

More information

Postcode: Postcode: Australia Business Number (ABN):

Postcode: Postcode: Australia Business Number (ABN): New client form Name of your AJ Park contact: Account name: Trading name: Full name of contact person: Mobile: Street address: Postcode: Postal address (if different from street address): Postcode: Phone:

More information

AMA NSW AND ASMOF NSW Submission on Health Practitioners Regulation National Law

AMA NSW AND ASMOF NSW Submission on Health Practitioners Regulation National Law AMA NSW AND ASMOF NSW Submission on Health Practitioners Regulation National Law This submission is filed jointly on behalf of AMA NSW and ASMOF NSW. We note the submission of the Australian Medical Association

More information

Australian Privacy Principle 7 direct marketing

Australian Privacy Principle 7 direct marketing Australian Privacy Principle 7 direct marketing Chapter 7 Draft version, September 2013 Key points... 2 What does APP 7 say?... 2 What is direct marketing?... 3 When are agencies covered by APP 7?... 4

More information

Data Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014

Data Protection Avoiding Information Commissioner Fines. Caroline Egan 5 June 2014 Data Protection Avoiding Information Commissioner Fines Caroline Egan 5 June 2014 Why is data protection a hot topic in pensions? Pension schemes hold large amounts of personal data Individuals more aware

More information

Module 4. Risk assessment for your AML/CTF program

Module 4. Risk assessment for your AML/CTF program Module 4 Risk assessment for your AML/CTF program AML/CTF Programs Risk assessment for your AML/CTF program Page 1 of 27 Module 4 Risk assessment for your AML/CTF program Risk assessment for your AML/CTF

More information

EU Directive on Network and Information Security SWD(2013) 31 & SWD(2013) 32. A call for views and evidence

EU Directive on Network and Information Security SWD(2013) 31 & SWD(2013) 32. A call for views and evidence EU Directive on Network and Information Security SWD(2013) 31 & SWD(2013) 32 A call for views and evidence 22 nd May 2013 Contents Contents... 2 Overview: The EU Directive on Network and Information Security...

More information

Australian Retail Credit Association Authorisation A91482 - Principles of Reciprocity & Data Exchange

Australian Retail Credit Association Authorisation A91482 - Principles of Reciprocity & Data Exchange 1 April 2015 Dr Richard Chadwick General Manager Adjudication Branch Australian Competition & Consumer Commission By email: adjudication@accc.gov.au Dear Dr Chadwick, Australian Retail Credit Association

More information

Corporate Policy and Strategy Committee

Corporate Policy and Strategy Committee Corporate Policy and Strategy Committee 10am, Tuesday, 30 September 2014 Information Governance Policies Item number Report number Executive/routine Wards All Executive summary Information is a key asset

More information

Carriers Insurance Brokers Pty. Limited

Carriers Insurance Brokers Pty. Limited Our Privacy Policy At Carriers Insurance Brokers Pty. Limited, ABN 66 001 609 936, we are committed to protecting your privacy in accordance with the Privacy Act 1988 (Cth) (Privacy Act) and the Australian

More information

3. Structuring your company in the UK

3. Structuring your company in the UK 3. Structuring your company in the UK 3.1 Making sure the law is on your side The legal framework governing company registration in the UK The primary legislation governing the incorporation and registration

More information

Principal Members. February 1, 2007. Review of Australia s Consumer Policy Framework Productivity Commission PO Box 1428 Canberra ACT 2616

Principal Members. February 1, 2007. Review of Australia s Consumer Policy Framework Productivity Commission PO Box 1428 Canberra ACT 2616 February 1, 2007 Principal Members Review of Australia s Consumer Policy Framework Productivity Commission PO Box 1428 Canberra ACT 2616 Via email: consumer@pc.gov.au The Australasian Compliance Institute

More information

COAG National Legal Profession Reform Discussion Paper: Trust money and trust accounting

COAG National Legal Profession Reform Discussion Paper: Trust money and trust accounting COAG National Legal Profession Reform Discussion Paper: Trust money and trust accounting Purpose The purpose of this Paper is to outline the Taskforce s preferred approach to regulation of trust money

More information

Certificate IV in Property Services (Real Estate) CPP40307. Unit Descriptions & Evidence Required to Demonstrate Competency

Certificate IV in Property Services (Real Estate) CPP40307. Unit Descriptions & Evidence Required to Demonstrate Competency Certificate IV in Property Services (Real Estate) CPP40307 Unit Descriptions & Evidence Required to Demonstrate Competency Agenda Course Description... 3 Pathways Information... 3 Entry Requirements...

More information

DATA PROTECTION (JERSEY) LAW 2005 GUIDANCE ON DATA SECURITY BREACH MANAGEMENT

DATA PROTECTION (JERSEY) LAW 2005 GUIDANCE ON DATA SECURITY BREACH MANAGEMENT DATA PROTECTION (JERSEY) LAW 2005 GUIDANCE ON DATA SECURITY BREACH MANAGEMENT GD21 2 DATA PROTECTION (JERSEY) LAW 2005: GUIDANCE ON DATA SECURITY BREACH MANAGEMENT Introduction Organisations which process

More information

COMPLIANCE ALERT 10-12

COMPLIANCE ALERT 10-12 HAWAII HEALTH SYSTEMS C O R P O R A T I O N "Touching Lives Every Day COMPLIANCE ALERT 10-12 HIPAA Expansion under the American Recovery and Reinvestment Act of 2009 The American Recovery and Reinvestment

More information

Submission to Standing Senate Committee on the Environment, Communications and the Arts on the adequacy of protections for the privacy of Australians

Submission to Standing Senate Committee on the Environment, Communications and the Arts on the adequacy of protections for the privacy of Australians Submission to Standing Senate Committee on the Environment, Communications and the Arts on the adequacy of protections for the privacy of Australians online August 2010 1 1. Introduction The Australian

More information

Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the protocol).

Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the protocol). Microsoft Submission to ACS Cloud Protocol Discussion Paper General Comments Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the

More information

INSURANCE STANDARDS 20 May 2009

INSURANCE STANDARDS 20 May 2009 1. APPLICATION OF STANDARDS INSURANCE STANDARDS 20 May 2009 1.1 All members of Engineers Australia who are members of the Engineering Science and Technology Professional Standards Society (ESTPSS) (the

More information

Public consultation paper

Public consultation paper Public consultation paper September 2013 Proposed expanded endorsement for scheduled medicines Draft Registration standard for endorsement of registered nurses and/or registered midwives to supply and

More information

Information Security Incident Management Policy September 2013

Information Security Incident Management Policy September 2013 Information Security Incident Management Policy September 2013 Approving authority: University Executive Consultation via: Secretary's Board REALISM Project Board Approval date: September 2013 Effective

More information

HOW TO BECOME AN APPROVED PROVIDER OF WHS ENTRY PERMIT HOLDER (WHS-EPH) TRAINING IN SOUTH AUSTRALIA. WHS-EPH Training Course Guidance

HOW TO BECOME AN APPROVED PROVIDER OF WHS ENTRY PERMIT HOLDER (WHS-EPH) TRAINING IN SOUTH AUSTRALIA. WHS-EPH Training Course Guidance HOW TO BECOME AN APPROVED PROVIDER OF WHS ENTRY PERMIT HOLDER (WHS-EPH) TRAINING IN SOUTH AUSTRALIA WHS-EPH Training Course Guidance Contents INTRODUCTION... 4 PURPOSE... 5 WHS-EPH Training Course Requirements...

More information

Entrepreneurs Programme - Business Evaluation. Version: 3

Entrepreneurs Programme - Business Evaluation. Version: 3 Entrepreneurs Programme - Business Evaluation Version: 3 20 October 2015 Contents 1 Purpose of this guide... 4 2 Programme overview... 4 2.1 Business Management overview... 4 3 Business Evaluations...

More information