In today’s world, information is everything, or put another day, we are living in an era of the ‘information explosion’. So much so, that in many instances, those holding information can decide the fate of other individuals or organisations.
This alone is why it imperative for governments to impose laws and regulations to keep data protection intact and at the same time, keep national security protected.
Ultimately, data privacy laws and regulations impact data analytics and intelligence, in the way that businesses manage, consume, store and analyse consumer data. With more and more laws and regulations being developed, it’s necessary to understand the privacy and encryption laws relating to data governance that apply to you.
Below we outline five (5) data privacy & encryption laws which you should know about.
1. Assistance & Access Bill 2018 (Telecommunications Industry)
Passed on December 2018, this bill directs organisations to provide assistance in accessing encrypted data of their consumers.
When announced, this broadbill attracted particular attention due to inclusion of its ability to intercept encrypted messages sent using tools such as WhatsApp and Apple iMessage platforms. The reason put forth by the government is that criminals may misuse the encryption technology, thus compromising national security.
Some cyber experts claim that this might actually hinder global data security as the tech companies need to provide a back door to their technologies; thus making consumer data more vulnerable to cyber-attacks.
2. Consumer Data Right (ACCC, Australia)
Announced on November 2017, the Australian government introduced a bill to give more power to consumers. Consumers can not only request how their data is being held with third-parties, but it also aids them to compare and more-easily switch between products, services and providers.
This, in turn, has seen an increase in competition among service providers and related improvement in the overall consumer satisfaction levels, with better product and services prices and also improved quality.
The Consumer Data Right law is first being applied to the banking and financial services industry, followed by the energy sector and then the telecommunications industry.
3. Privacy & Personal Information Protection Act 1998 (New South Wales)
The Privacy & Personal Information Protection Act was introduced by the Australian government as one of the Australian Privacy Principles in 1998.
This Act works in favour of the consumer’s data protection and applies to government agencies and non-government organisations, with an annual turnover of more than $3 million (as well as some other organisations). These organisations must comply with the Data Management Regulations on behalf of their consumers.
4. Privacy & Data Protection Act 2014 (Victoria)
This Act was passed with the intent to significantly improve privacy and data protection of people handled by the Victorian public sector including Victorian government departments, local councils and government institutions.
This Act was also aimed at increasing the awareness of Information Privacy Principles (IPPs).
5. Information Privacy Act 2014 (Australian Capital Territory)
This Act relates to government agencies in the Australian Capital Territory and their storage and data handling of data relating to individuals by ACT Government agencies and how it must be protected from data breaches.
The Information Privacy Act 2014 requires that all agencies ensure that the information/data which they keep is protected, accurate and accessible to the individuals concerned.
CONCLUSION
Every organisation, regardless of jurisdiction or industry, must understand data legislation that applies to them and how they are enforced by government bodies. Not only are there severe penalties imposed for breaching of the legislation but adhering to data legislation and regulation leads all organisations to improve their data governance, data protection and data resilience maturity.
Also Read: Data Protection and Privacy Officer Priorities 2019