LISTEN NOW: Evolution of Data Controls in the Era of Generative AI

View

Tasmania’s (PIPA) + (PIPPs)

Operationalize PIPA + PIPPs compliance with the most comprehensive PrivacyOps platform

Last Updated on noviembre 8, 2023

Schedule Your
Personal Demo

Learn how you can leverage Securiti’s Data Command Center to address data security, privacy, governance, and compliance.

Ver una demostración
Schedule your demo today

The Personal Information Protection Act 2004 (PIPA) is a privacy law that applies to Tasmanian public and private sector organizations. It establishes guidelines for these organizations' use of personal data and provides individuals with certain rights.

Under PIPA, organizations must obtain an individual's consent before collecting their personal information and must only use that information for the purposes for which it was initially collected. Organizations must also take reasonable steps to ensure that individuals’ personal information is accurate, up-to-date, and secure.

The Personal Information Protection Principles (PIPPs) are principles outlined in the Tasmanian Personal Information Protection Act 2004 (PIPA). The PIPPs were created to safeguard individuals’ privacy and regulate how personal information is collected, used, stored, and disclosed by organizations in Tasmania. The 10 PIPPs are as follows:

  1. Openness: Organizations must establish transparent and clear policies for handling personal data.
  2. Collection: Personal information must only be collected for lawful purposes and must be collected in a fair and non-intrusive manner.
  3. Use and disclosure: Personal information must only be used or disclosed for the purpose for which it was collected or for a related purpose that the individual would reasonably expect and obtain data subject’s consent for it.
  4. Data quality: Personal information must be accurate, complete and up-to-date.
  5. Data security: Organizations must take reasonable steps to protect personal information from misuse, loss, unauthorized access, modification, or disclosure.
  6. Access and correction: Individuals have the right to access and correct their personal information held by an organization.
  7. Unique identifiers: Organizations must not adopt a person's government-related identifier as their own identifier, except in certain circumstances.
  8. Anonymity: Individuals have the right to deal with an organization anonymously, where it is lawful and practical.
  9. Transborder data flows: Organizations must ensure that personal information is adequately protected when it is transferred overseas.
  10. Sensitive information: should not collect sensitive information about an individual unless the individual has given consent, the collection is required or permitted by law, or it is necessary to prevent a serious threat to an individual's life or health and they are unable to give consent.

The Solution

Securiti enables organizations to comply with Tasmania’s Personal Information Protection Act 2004 (PIPA) + Personal Information Protection Principles (PIPPs), through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.

Securiti supports enterprises' journey toward compliance with Tasmania’s Personal Information Protection Act 2004 (PIPA) + Personal Information Protection Principles (PIPPs) through automation, enhanced data visibility, and identity linking.

Tasmania PIPA Compliance Solution

Request a demo today to learn how Securiti can aid you and your organization's compliance efforts.


Assess Personal Information Protection Act 2004 Readiness

Schedule 1

With the help of Securiti’s multi-regulation, collaborative, readiness, and privacy impact assessment system, you can measure your organization's posture against Personal Information Protection Act 2004, identify the gaps and address the risks.

Tasmania PIPA Assessment Automation
Tasmania PIPA data access request

Secure Fulfillment of Data Access Requests & Automate Processing of Rectification and Anonymization Requests

PIPA Part 3A+ PIPP 3 + PIPP 6 + PIPP 8

Automates fulfillment of data subject requests for access to personal data and amends and corrects any incorrect, incomplete, out-of-date, or misleading, and anonymizes personal data stored once requested by the data subject. Securiti’s Data Subject Access Requests automation also enables organizations to create customized data subject rights request forms embedded in websites, verify identities, and aggregate requests into a fulfillment automation workbench.

Map Data Flows (Cross-Border Data Transfers)

PIPP 9

Track data flows regarding the transfer of personal information about an individual to another person or other body who is outside Tasmania.

Tasmania PIPA map data flows
Tasmania PIPA Universal Consent Management

Monitor and Track Consent

PIPP 2(1)(b) + 2(1)(c)(ii) + 2(4)(a) + 2(4)(c)(i) + PIPP 9(b) + PIPP 10(1)(a)

Automates secure capture of consent for use and disclosure of personal information by personal information custodians. Securiti's Consent Management Platform enables organizations to obtain end-users' consent for data access, retrieval, and advertising purposes.

Privacy Policy and Notice Management

PIPP 5

Ensures that policies and notices are regularly updated and renewed in compliance with legal requirements by utilizing a single privacy dashboard for automatic updates.

Tasmania PIPA Privacy Policy notice Management
Tasmania PIPA Data Protection Security Controls

Assess Data Protection Measures and Enable Appropriate Security Controls

PIPP 4

Helps determine the security level and accordingly implement relevant technical and operational measures to protect personal information from misuse, loss, unauthorized access, modification, or disclosure.

Quick Facts about Tasmania's Personal Information Protection Act 2004 (PIPA) and Personal Information Protection Principles (PIPPs)

1

PIPA is a privacy law that applies to Tasmanian public and private sector organizations (referred to as personal information custodians).

2

A personal information custodian may use or disclose an individual's basic personal information for a secondary purpose without consent if they are a public authority, it's reasonably necessary for efficient storage/use, and only used/disclosed to another public sector body.

3

A personal information custodian can collect sensitive health information about an individual if it's necessary for providing a health service, or for public health/safety research, statistics, or health service management/monitoring, and the custodian cannot obtain the individual's consent.

4

A personal information custodian must take reasonable steps to permanently de-identify health information before disclosing it, if collected about an individual.

5

An individual can complain to the ombudsman about a personal information custodian's alleged contravention of a personal information protection principle, but only after first raising the matter with the custodian and being dissatisfied with their response.

6

Complaints must be made within 6 months from the time the individual became aware of the issue. The complaints regarding requests for amendments of personal information should be made within 20 days.

7

The PIPPs aim to balance the legitimate needs of organizations to collect and use personal information with the privacy rights of individuals.

8

The PIPPs also provide guidance to organizations on how to comply with PIPA's privacy requirements.

IDC MarketScape

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Read the Report

What's
New