Overview

Identifying and classifying types of data or information can be useful in the context of data security to help determine what:

  • legal obligations and rights may apply to the data or information;
  • benefits and risks may arise from its possession or use; and
  • the data or information can be used for, by whom, and in what circumstances.

Where applicable, it may be useful to classify or categorise data or information as:

  • personal information;
  • confidential information and trade secrets;
  • financial data or information;
  • intellectual property; or
  • government official information.

Personal information is defined in the Privacy Act 1988 (Cth) (Privacy Act).

An organisation may have confidentiality obligations to other parties in relation to data or information. It may have trade secrets such as valuable methods or know-how which are a source of


An organisation can seek to prevent or minimise a personal data security breach occurring by implementing an effective organisational data security compliance framework.

An effective organisational data security compliance framework can avoid or minimise the risk of an organisation and individuals within it breaching personal data security obligations.

Such a framework should usually include:

  • regular audits of the organisation’s IT security policies, systems, controls, processes and practices;
  • effective IT security policies, systems, controls, processes and practices;
  • staff training and awareness of data security obligations;
  • a positive and strong compliance culture; and
  • ongoing governance oversight.

An organisation should conduct regular audits of the organisation’s IT security systems, processes, practices and policies.

An organisation should develop and maintain effective IT security policies, systems, controls, processes and practices to prevent or minimise


A service provider is an organisation or person that provides any form of service to another organisation or individual.

Most service providers will have access to, use or store data or information in relation to providing a service that could be involved in a data security breach.

Such data or information may include personal information, confidential financial information or trade secrets, intellectual property and government official information.

A data security breach may arise whenever data or information of a service provider is accessed or used in any manner without permission, or is stolen, lost, corrupted, damaged or destroyed.

This may occur through the deployment of malicious code, by the acts or omissions of the service provider’s employees or contractors, and through unauthorised access to


Data security is frequently an issue of critical importance in commercial contracts between both public and private sector customers and their respective suppliers.

Under commercial agreements, a supplier may have access to, or be responsible for managing or hosting, confidential business information, personal information or government official information of the customer or the customer’s end-users.

The issue of data security tends to be addressed in commercial contracts with an ever-increasing level of sophistication and detail, as technological developments continue to rapidly advance and the risk of data security breaches is ever-present.

Data security obligations in commercial contracts are often addressed under three topics:

  • data security;
  • privacy; and
  • confidentiality.

Data security obligations in commercial contracts can cover a number of aspects of data security, including compliance with a


The term “big data” is often defined with reference to the characteristics of the volume, variety and velocity of data (the “three V’s”).

The characteristic of “volume” refers to the quantity or magnitude of data. “Variety” refers to the range of different types of data. “Velocity” refers to the speed at which data is generated, processed or analysed.

Other features of big data that have been identified are veracity, variability and complexity. The characteristic of “veracity” refers to the unreliability or imprecision of certain data. “Variability” refers to variability in the rate or velocity of data flow. “Complexity” refers to the multiple sources from which data may be generated.

Big data is created, transferred, stored, hosted, used and processed daily in virtually all


Guidance

Types of data

Identifying and classifying types of data | What are the sources of legal obligations that apply to particular data or information?

Types of breaches

How a data security breach may occur | Who can cause a data security breach

Data security obligations

Legal obligations in relation to data security | Obligations in relation to government requirements | Legal obligations in relation to data retention and destruction

Consequences to an organisation of the data security breaches

Consequences of a data security breach for an organisation | Identifying potential legal remedies for a data security breach | Determining which legal remedies to pursue in relation to a data security breach | Initiating the exercise of legal remedies


Checklists

Checklist for Complying with both the Privacy Act and the GDPR

S. Sharma, S. Field and B. Tomlinson, Maddocks

Privacy - Checklist for Privacy policy

S. Sharma, Special Counsel, Maddocks

Data Breach Assessment Guideline

P. Fair and S. Lee, Baker McKenzie

Privacy - Internal privacy guidelines for staff

S. Sharma, Special Counsel, Maddocks

Checklist for Ensuring data protection compliance

P. Fair and S. Lee, Baker McKenzie

EU General Data Protection Regulation (GDPR) - Compliance checklist

S. Sharma, S. Field and B. Tomlinson, Maddocks

Checklist for computer and device use

P. Fair and S. Lee, Baker McKenzie

Checklist for Data breach response guideline

P. Fair and S. Lee, Baker McKenzie

Privacy - Checklist for direct marketing

S. Sharma and E. Lau, Maddocks

EU general data protection regulation (GDPR) - Checklist for controller versus processor

S. Sharma, Special Counsel and B. Tomlinson, Partner, Maddocks

Threshold compliance checklist - GDPR and the Privacy Act

S. Sharma, S. Field and B. Tomlinson, Maddocks

Workflow Checklist: Content of notification

D. Kneller, Madgwicks Lawyers

Legislation

Forms and Precedents

Consequences to an organisation of the data security breaches

Compliance after a data security breach has occurred