The European Union General Data Protection Regulation (GDPR) of 2016 was the focus of my last post because of its wide-ranging approach to protecting sensitive data. Some aspects of that law are novel and pose particular challenges for business: in particular, the “right to be forgotten,” which Google has challenged. Other GDPR privacy rules match those that have governed Australian data practices for years.
The Privacy Act of 1988 is at the center of Australian data privacy law. The fact that Australia has been regulating data privacy for three decades is surprising, but even more astonishing is the rapid pace of recent regulatory change. Individuals are gaining rights over their data privacy, while institutions scramble to upgrade their compliance.
A major overhaul of the Privacy Act in 2014 added the Australian Privacy Principles (APP). These are a set of thirteen data privacy compliance principles for agencies and organizations that collect any data in Australia, from financial institutions and hospitals to schools and telemarketers.
Even before the APP came into effect, legislators were crafting additional regulations. Last year saw the Privacy Amendment (Notifiable Data Breaches) Bill 2016. This demands accountability from businesses that fail to handle a data breach well. As with the EU GDPR, the rules apply to anyone who does business or collects data in Australia, whether they operate a bank or a gym. It’s still in the implementation phase, but if it had been in effect at the time of the Equifax breach and Australian consumers’ data was compromised, Equifax could have incurred a penalty of A$1.8 million.
Combine this swift-changing regulatory landscape at the national level with a patchwork of regulations in Australia’s states and territories, and you have a testing ground for compliance. Variable and fast-changing regulations are a serious challenge for information security leaders worldwide: 90 countries have some sort of national regulation in place, as do 47 US states. The US National Institute of Standards and Technology’s (NIST) Cybersecurity Framework is a strong blueprint for security policy, but actual laws aren’t always aligned with best practices.
Information technology has an awesome power to respond to challenges like this, though. Katabat began from a realization that integration between various parts of an organization would lead to better control over data and business outcomes. Our financial industry roots mean that we have been helping lenders in Australia and all over the world navigate their regulatory compliance obstacles for years. Katabat solutions give security decision makers the power to respond swiftly and accurately to data privacy rule changes. Consistent omnichannel messaging and rock-solid data security practices reassure clients and customers alike.
Ironically, the same qualities that can help a business respond quickly to a security threat also help in navigating regulatory change. Companies need to be nimble in order to keep up and deliver the best, most secure experience. There’s a positive side-effect: integrated systems that enhance strategic control over data security also catalyze strategic success throughout the business.
Data privacy regulations continue to evolve, and as industry professionals our responses must constantly adapt too. Please follow this space as I share perspective on breaking news and trends in the data-protection landscape.
You are always welcome to reach out to me at firstname.lastname@example.org to share your thoughts or learn more about Katabat’s industry-leading approach to security.