Products
By Use Cases By Roles
Data Command Center
View
Learn more

AI Security & Governance

Discover, assess, and safeguard AI usage

Learn more

Data Access Intelligence & Governance

Identify which users have access to sensitive data and prevent unauthorized access

Learn more

Asset and Data Discovery

Discover dark and native data assets

Learn more

LLM Firewall

Secure your GenAI applications with distributed and context-aware LLM firewalls

Learn more

Data Privacy Automation

PrivacyCenter.Cloud | Data Mapping | DSR Automation | Assessment Automation | Vendor Assessment | Breach Management | Privacy Notice

Learn more

Sensitive Data Intelligence

Discover & Classify Structured and Unstructured Data | People Data Graph

Learn more

Data Flow Intelligence & Governance

Prevent sensitive data sprawl through real-time streaming platforms

Learn more

Data Consent Automation

First Party Consent | Third Party & Cookie Consent

Learn more

Data Catalog

Automatically catalog datasets and enable users to find, understand, trust and access data

Learn more

Data Lineage

Track changes and transformations of data throughout its lifecycle

Learn more

Data Security Posture Management

Secure sensitive data in hybrid multicloud and SaaS environments

Learn more

Data Breach Impact Analysis & Response

Analyze impact of a data breach and coordinate response per global regulatory obligations

Learn more

Compliance Management

Automate Compliance with Global AI and Data Frameworks using Common Controls and Tests
Data Controls Orchestrator
View
Data Command Center
View
Sensitive Data Intelligence
View

Asset Discovery
Data Discovery & Classification
Sensitive Data Catalog
People Data Graph
Learn more

Privacy

Automate compliance with global privacy regulations

Data Mapping Automation

View

AI Security & Governance

View

Data Subject Request Automation

View

People Data Graph

View

Assessment Automation

View

Cookie Consent

View

Universal Consent

View

Vendor Risk Assessment

View

Breach Management

View

Privacy Policy Management

View

Privacy Center

View

Learn more

Security

Identify data risk and enable protection & control

Data Security Posture Management

View

AI Security & Governance

View

LLM Firewall

View

Data Access Intelligence & Governance

View

Data Risk Management

View

Data Breach Analysis

View

Learn more

Governance

Optimize Data Governance with granular insights into your data

Data Catalog

View

Data Lineage

View

Data Quality

View

AI Security & Governance

View

Compliance Management

View

LLM Firewall

View
Data Controls Orchestrator
View
Solutions
Technologies

Covering you everywhere with 1000+ integrations across data systems.

Snowflake

View

AWS

View

Microsoft 365

View

Salesforce

View

Workday

View

GCP

View

Azure

View

Oracle

View

Databricks

View

Learn more

Regulations

Automate compliance with global privacy regulations.

US California CCPA

View

CPRA
California Privacy Rights Act

View

European Union GDPR

View

Thailand’s PDPA

View

China PIPL

View

Canada PIPEDA Compliance Solution

View

Brazil's LGPD

View

+ More

View

Learn more

Roles

Identify data risk and enable protection & control.

Privacy

View

Security

View

Governance

View

Marketing

View
Resources

Blog

Read through our articles written by industry experts

Collateral

Product brochures, white papers, infographics, analyst reports and more.

Knowledge Center

Learn about the data privacy, security and governance landscape.

Securiti Education

Courses and Certifications for data privacy, security and governance professionals.

Webinars

Learn from industry thought leaders why you need a Data Command Center to enable safe use of data.
Company

About Us

Learn all about Securiti, our mission and history

Partner Program

Join our Partner Program

Contact Us

Contact us to learn more or schedule a demo

News Coverage

Read about Securiti in the news

Press Releases

Find our latest press releases

Careers

Join the talented Securiti team

Australia Moves Closer to GDPR-Like Privacy Laws – Challenges for Australian Businesses

Published April 22, 2024

The Australian Government published its response to the Privacy Act Review Report in September 2023 agreeing to 38 proposals, “agrees in principle” to 68 proposals (i.e. further consultation required to understand impact and alignment with other reviews like Digital ID, and the Australian Cyber Security Strategy before implementation), and notes the remaining 10.

Privacy Act Review Report Response has 5 key themes for organisations to consider:

Bring the Privacy Act into the digital age
Uplift protections
Increase clarity and simplicity for entities and individuals
Improve controls and transparency for individuals over their personal information
Strengthen enforcement

Though this may not be widely understood and a number of businesses may have conducted an assessment, there is not widespread implementation of technologies and capabilities for businesses to be in a position to comply once the changes come into law. Additionally, there is a limited number of experienced data protection or chief privacy officers relevant in implementing technology, and consultancy and advisory teams from firms in Australia are already stretched to help businesses meet the requirements.

This opinion piece is focused less on what is changing from a framework and consultative approach, it is more focused on the practical steps to implement technology to meet a legal compliance perspective.

Some of the Key New Requirements for Businesses likely to arrive with new Privacy Regulation:

Definition and types of personal data
Scope and applicability
Rights of personal data subjects
Controller and processor of personal data
Lawful grounds for processing personal data
Data protection officer and impact assessment
Requirements for cross-border personal data transfer
Sanctions

Understanding these requirements as they relate to the implementation of technology is important, as to meet the requirements of the Privacy Regulations in other countries, some technologies will need earlier implementation than others. In some cases, a phased approach will be required to effectively deploy capabilities in a parallel manner to adjust for technologies with prerequisites or those that have a longer lead time for implementation. Experience has demonstrated that three (3) streams of work are usually required for a successful implementation of Technologies to help organisations meet their compliance requirements.

Three Key Streams

DISCOVER Classify and Understand Sensitivity
STREAMLINE & AUTOMATE Privacy Processes
COMPLY Consent and Incident Management

DISCOVER Classify and Understand Sensitivity

This has implications above and beyond the privacy needs. Understanding what personal and sensitive data is held, where it is stored, how it is used in applications and processes, and why it is still held has implications for Risk, Security, Governance, and Compliance teams.
Why is the Data still held? Are there duplicates, or are there multiple versions? These points have implications:
- Information Protection – as to how this information is stored and protected?
- Governance – why it is still being held, and the quality of the data? Risk around why there is a need to hold this information: can reducing holding reduce risk?
- Compliance – are we meeting all the regulatory requirements around sensitive and personal data?
- Privacy – can we manage Data Subject Requests (DSRs) and Breach Management and notification requirements under the PDP Law?
Data Discovery is not enough, you need to apply sensitive data intelligence and automatically orchestrate appropriate actions to data!

STREAMLINE & AUTOMATE Privacy Processes

Building on the data intelligence created during the discovery phase, data subject access requests can now be automated to meet the requirements of the PDP Law. Requests can be collected, authorised, and processed to meet the 72-hour response timeline.
You need to understand what applications and processes are using personal data and ensure any orphan data is managed appropriately. This requires the creation of data maps and records of processing. By linking these applications and processes to the asset holding and processing that data can provide near real-time compliance and accurate tracking of any variations to the Privacy Impact Assessments (PIA) associated with the applications of processes.
Collaboration across the organisation will be required for Data Privacy Impact Assessments (DPIA), and automation will be required to scale across the business to meet the requirements of mapping all applications and processes. Additionally, the risks determined during this will need to be exposed and addressed. This will require automation and risk visualisation in an actionable dashboard so the prioritisation of risk reduction can be managed.
Cross-border transfers need to be managed and understood. This includes controlled and uncontrolled data stores managed by third parties. This type and sensitivity of this information needs to be understood, monitored, and managed according to regulations.

Any incident, no matter how small, will be required to be tracked and assessed according to the regulation. This will require collaboration and assessments to be collected in a timely manner and the risks measured to determine reporting obligations.
You will need to ensure that consent from the Data Subject is collected and maintained forever. This means any updates or changes are also managed, taking into account the requirements, to ensure this consent can be reported upon for data subject access requests.

Lessons from Other Geographies

Along with the emergence of Modern Privacy regulations based on similar principles to GDPR, we are experiencing countries morphing these regulations into Data Protection and Privacy, including Sensitive Data.

Organisations are also encountering Data Sovereignty Laws as well as banking regulations around PII and Metadata that require audit and compliance at the cloud scale.

Key Points

Globally, Modern Privacy Regulation is morphing into Data Privacy Regulation.
Technology is being developed and adopted to help organisations manage these regulations at scale and, where possible, autonomously.
An overlap of roles and responsibilities across Policy, Classification, and Protection is occurring, and the adoption of cloud and multi-cloud is accelerating this.

Key Insights

Multiple parts of the business are looking to solve similar use cases

This is resulting in time and cost impacts to the business, as often multiple vendors are being assessed, and solution overlap is often significant, significantly impacting contracting and operating costs.

Impending regulation enforcement is fast approaching

It takes the business significant time to assess, select, implement, and operationalise a solution. This is putting the business at compliance risk and potential brand impact compared to competitors who have taken earlier steps to meet their obligations to Consumers and Regulators. Often, the business is not ready to embrace the organisational program of work and have appropriate budgets in place to implement and operationalize a privacy program.

Organisational alignment is critical

Typically, we find in businesses the following stakeholder teams to deliver successful programs; please note the use of the term program versus project as a Privacy Program is ongoing and needs to be built and funded accordingly:

Chief Data Officer or Head of Data Governance
- The CDO works with the business owners to define the classification of and policy around business data, including sensitive data.

Chief Information Security Officer or Head of Information Security and Risk
- The CISO/CSO operates the technology to implement the protective controls and mitigations.

Data Protection Officer or Chief Privacy Officer
- The DPO/CPO is guided by the applicable regulations for the geographies the business operates.

Legal Team
- The legal team will be responsible for providing guidance to adherence to regulatory requirements and reporting obligations.

Conclusion

Action is required to organisationally align via a cross-functional task force.
- The task force should determine priority steps to achieve compliance by October, potentially with a minimum viable product approach, and
- The task force should develop a range of Business Pro.
Engage peers in other organisations who are already on the journey to understand best practices and learnings.
Engage advisory and technology integration partners with the potential experience and skills to augment internal resources.
Engage technology vendors with expertise and experience, as timely engagement and implementation will be required.
Align technology with the regulation, adapt to the business processes defined by the task force, and build a plan based on the maximum level of compliance by October 2024.

Three Key Streams

DISCOVER Classify and Understand Sensitivity

STREAMLINE & AUTOMATE Privacy Processes

Lessons from Other Geographies

Key Points

Key Insights

Multiple parts of the business are looking to solve similar use cases

Impending regulation enforcement is fast approaching

Organisational alignment is critical

Conclusion

Newsletter

Company

Resources

Terms

Get in touch

Australia Moves Closer to GDPR-Like Privacy Laws – Challenges for Australian Businesses

Three Key Streams

DISCOVER Classify and Understand Sensitivity

STREAMLINE & AUTOMATE Privacy Processes

COMPLY Consent and Incident Management

Lessons from Other Geographies

Key Points

Key Insights

Multiple parts of the business are looking to solve similar use cases

Impending regulation enforcement is fast approaching

Organisational alignment is critical

Conclusion

Join Our Newsletter

Share

More Stories that May Interest You

Safe and Responsible AI in Australia – The Government’s Interim Response

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Email Marketing Requirements under GDPR and e-Privacy Directive

Newsletter

Company

Resources

Terms

Get in touch

What'sNew

What's
New