ARTICLE
3 May 2023

Privacy Awareness Week Part I - The State Of Play

KG
K&L Gates

Contributor

K&L Gates logo
At K&L Gates, we foster an inclusive and collaborative environment across our fully integrated global platform that enables us to diligently combine the knowledge and expertise of our lawyers and policy professionals to create teams that provide exceptional client solutions. With offices spanning across five continents, we represent leading global corporations in every major industry, capital markets participants, and ambitious middle-market and emerging growth companies. Our lawyers also serve public sector entities, educational institutions, philanthropic organizations, and individuals. We are leaders in legal issues related to industries critical to the economies of both the developed and developing worlds—including technology, manufacturing, financial services, health care, energy, and more.
Explore
The theme of this year's Privacy Awareness Week (PAW) is "back to basics".
Australia Privacy
Person photo placeholder
Person photo placeholder
Photo of Stephanie Mayhew
Authors
To print this article, all you need is to be registered or login on Mondaq.com.

The theme of this year's Privacy Awareness Week (PAW) is "back to basics". It's fitting to consider some lessons arising from recent high-profile breaches affecting millions of Australians, and the consistent messages we've been hearing from the Australian Information Commissioner in the midst of those incidents.

Data breaches can happen to anyone. We know cyberattacks can be big business, and sophisticated criminal networks make a good living from these. And if your organisation has taken reasonable steps to avoid or mitigate such breaches, the fact you've encountered one will not, of itself, be held against you.

However after recent prominent incidents, we've noticed the OAIC raising time and again two basic tenets of the APPs:

  • only collect the minimum amount of personal information required for a particular purpose; and
  • delete (or de-identify) that information as soon as it is no longer needed.

Initially collecting, and then holding onto, larger sets of data than you need will clearly increase the risk when a data breach occurs - the hackers will have access to a larger dataset and more opportunity to cause harm.

Recent data breaches have reportedly involved customers' identity records and other information being held for more than a decade, and some of these have occurred after the maximum penalty for serious privacy breaches was raised in December to more than $50m per contravention. It will be interesting to watch the outcome of the regulator's enquiries: the OAIC has either commenced preliminary inquiries or opened investigations (see here and here) into several high profile recent incidents.

It's worth a nuanced examination of the justifications for data you collect and retain, with experienced privacy practitioners able to assist from daily experience. The OAIC's repeated warnings should be heeded - and careful application of these principles will reduce your target if things do go wrong!

K&L Gates is a proud supporter of PAW, read more about PAW at the OAIC's 2023 resource.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Person photo placeholder
Cameron Abbott
Person photo placeholder
Rob Pulham
Photo of Stephanie Mayhew
Stephanie Mayhew
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More