Overview
Whether it is customer lists, customer preferences, patient medical records or customer financials, personal information and data are the all-important “DNA” of many organisations.
As data volumes increase at an exponential rate and the landscape becomes increasingly complex with the use of third-party service providers, cloud-enabled technology, personal profiling, sophisticated analytics and multijurisdictional data flows, tackling questions regarding privacy can be daunting.
Certain organisations (APP entities) are required to comply with the Privacy Act 1988 (Cth). Key obligations include that such organisations:
- manage personal information in an open and transparent way (APP 1 - Open and transparent management of personal information) (see Understanding the relationship between privacy, cybersecurity and data resilience);
- take reasonable steps to implement practices, procedures and systems that will
To mitigate the risk of privacy issues and cyber security threats, and to achieve data resilience, it is important to take a proactive approach to privacy.
This means thinking critically about privacy during the planning and implementation stages of a project. As discussed in Implementing a privacy by design approach, privacy by design is essential to proactive management of privacy issues.
A privacy impact assessment (PIA) is an essential part of implementing new projects in order to achieve privacy by design.
A PIA is a systematic evaluation of a project that identifies the impact that the project might have on the privacy of individuals, and sets out recommendations for managing, minimising or eliminating that impact.
See Conducting a privacy impact assessment.
For any new project
At the most basic level, direct marketing involves the use of personal information to promote goods and services.
Direct marketing can occur via many different channels and take on many different forms, from:
- sophisticated targeted online campaigns;
- promoting a new product range via electronic message; or
- soliciting customer feedback (and gently spruiking a new service) via phone to good old-fashioned snail mail.
Whether you are advising a client on the launch of a new product range, or the organisation you work for is rolling out a global client feedback survey with an option to upgrade to the latest software service package, direct marketing is likely to be an issue you are going to have to tackle at some point.
The direct marketing landscape provided for under
Today, organisations have access to more data than ever before. “Big data” is the new normal as organisations collect data across a broad range of channels such as apps, email, and web browsing. That data is then harnessed to provide valuable business insight.
Online behavioural advertising describes a wide range of activities companies engage in to collect information about users’ online activity (such as webpages visited, links clicked and online transaction history) which is subsequently used to show more tailored or relevant content and advertisements.
See Identifying the form(s) of online behavioural advertising.
Sometimes the data collected is not personal information in the traditional sense (such as your name, phone and contact details), but rather generic information linked to an online identifier which
Guidance
Overview of privacy by design
Privacy by design
Implementing a privacy by design approach
What is privacy by design? | Benefits of implementing a privacy by design approach | Seven key principles of privacy by design
Securing personal information across the information life cycle
APP 11 and the requirement to take active security measures | What is the information lifecycle? | What are reasonable steps to protecting personal information held?
Overview of planning and implementing new projects
Proactive privacy
Checklists
Data security - Checklist for De-identification of personal information
A. Mitchell, Unisys
Checklist for Complying with both the Privacy Act and the GDPR
S. Sharma, S. Field and B. Tomlinson, Maddocks
Privacy - Checklist for Privacy policy
S. Sharma, Special Counsel, Maddocks
Cybersecurity strategy - Checklist for Overall cybersecurity strategy
P. Fair and S. Lee, Baker McKenzie
Data security - Checklist for Data security audit plan
A. Mitchell, Unisys
Workflow Checklist: Exceptions to notification obligations
D. Kneller, Madgwicks Lawyers
Data Breach Assessment Guideline
P. Fair and S. Lee, Baker McKenzie
Checklist for Ensuring data protection compliance
P. Fair and S. Lee, Baker McKenzie
Privacy - Internal privacy guidelines for staff
S. Sharma, Special Counsel, Maddocks
Cybersecurity strategy - Checklist for remote working
LexisNexis Legal Writer Team
EU General Data Protection Regulation (GDPR) - Compliance checklist
S. Sharma, S. Field and B. Tomlinson, Maddocks
Checklist for computer and device use
P. Fair and S. Lee, Baker McKenzie
Checklist for Transfers of personal data outside the European Economic Area
S. Sharma, S. Field and B. Tomlinson, Maddocks
Checklist for Data breach response guideline
P. Fair and S. Lee, Baker McKenzie
Privacy - Checklist for direct marketing
S. Sharma and E. Lau, Maddocks
Workflow Checklist: Identifying when a data breach is notifiable
D. Kneller, Madgwicks Lawyers
Data security - Checklist for Disaster recovery planning
A. Mitchell, Unisys
Workflow Checklist: Assessing a suspected data breach
D. Kneller, Madgwicks Lawyers
Checklist for Staff training on data protection compliance
P. Fair and S. Lee, Baker McKenzie
EU general data protection regulation (GDPR) - Checklist for controller versus processor
S. Sharma, Special Counsel and B. Tomlinson, Partner, Maddocks
Threshold compliance checklist - GDPR and the Privacy Act
S. Sharma, S. Field and B. Tomlinson, Maddocks
Privacy by design - practical checklist
S. Sharma, Maddocks
Workflow Checklist: Content of notification
D. Kneller, Madgwicks Lawyers

Legislation

- Overview of privacy by design
- Conducting a privacy impact assessment
- Overview of engaging in direct marketing
- Identifying sources of obligations for direct marketing
- Engaging in direct marketing
- Constructing direct marketing messages and mandatory unsubscribe facilities
- Overview of using cookies & other emerging forms of online behavioural advertising
- Deciding what types of personal information are used