Australian Privacy Act

This Act mandates how organizations handle the personal data of Australian citizens, regardless of where those organizations are located.

The Australian Privacy Act governs how organizations handle the personal data of Australian citizens—no matter where the organization is located. Penalties for non-compliance are now severe: up to A$50 million or 30% of adjusted turnover for serious or repeated breaches, with mid-tier fines reaching A$3.3 million for corporations and A$330,000 for lower-level violations. Reputational damage can be just as costly, as seen in the A$5.8 million penalty issued against Australian Clinical Labs after a major breach.

Maximum penalties remain A$50 million or 30% of annual turnover, while new mid-tier fines address lesser breaches. Mandatory notification rules continue to require organizations to alert affected individuals and the OAIC within 30 days. Some key points to keep in mind about this Act:

  • Your business must follow the Australian Privacy Principles (APPs), including lawful collection, clear notice, limited use and disclosure, strong security, and rights of access and correction.
  • Organizations will need to make sure that those affected, as well as the information commissioner, are informed within 30 days of a data breach occurring.
  • Failing to notify the OAIC (or affected individuals) when required can be treated as an “interference with privacy.” Not reporting a breach can lead to substantial fines, depending on how the OAIC classifies the failure.
  • The Act applies not only to organizations based in Australia, but to any organization globally that holds data on Australian citizens.

Fortra Solutions for Navigating Australia’s Evolving Privacy Landscape

Fortra Data Loss Prevention and Fortra Data Classification can help your organization meet the requirements of the Australian Privacy Act.

Fortra Data Loss Prevention

Data Encryption

Encrypts personal information both in transit and at rest, safeguarding data from unauthorized access and breaches.

Audit and Reporting

Provides detailed audit trails and reporting capabilities, making it easier to demonstrate compliance during audits and respond to any incidents involving personal information. 

Automated Policy Enforcement

Enforces data protection policies automatically, reducing the risk of accidental or intentional data misuse and ensuring ongoing compliance with the Australian Privacy Act.

Incident Response Support

Enables quick detection and response to data breaches, helping to meet mandatory breach notification requirements under the Act. 

Fortra Data Classification

Protect Sensitive Information

Ensures confidential and sensitive data is properly controlled to prevent unauthorized access or misuse.

Simplify Data Handling

Uses visual and metadata labels to classify information and highlight any special handling requirements.

Promote Compliance Awareness

Helps users recognize personal and sensitive data, ensuring content is handled according to corporate policies.

Strengthen Security Controls

Leverages metadata labels to enable solutions like encryption, DLP, and secure collaboration for enhanced protection.

Support Audit and Regulatory Requirements

Provides audit trails and orchestrates data management activities, demonstrating compliance and facilitating remediation.
