[Data privacy] laws: What you need to know

2nd October 2024
Cybersecurity

Jump to:
Start Why are data privacy changes needed? What are the new data privacy laws? Compliance is key Third-party considerations Find out more
Share this article?

A few weeks ago, the Federal Government introduced a new bill containing some much-anticipated amendments to the Privacy Act.

While the ultimate scale of these changes is far less than was originally anticipated and called for by industry, the government has described them as a ‘first tranche’, signaling there will be more amendments to come. 

This marks the beginning of a sincere and significant shift in the way Australian legislation works to protect the privacy of its citizens in a new digital age.

Read on to learn more about these changes and what they could mean for event managers.

Why are data privacy changes needed?

According to recent statistics released by the Australian privacy watchdog, there were more than 520 data breaches between January and June of this year.

This represents a whopping 9% increase from the second half of 2023 and a continuation of a worrying trend.

The privacy commissioner said this increase demonstrates that there are significant threats to be concerned about, many of which have the potential to put Australians at serious risk of harm.

What’s more, more than half of the breaches reported were cyber attacks targeting information systems, networks, computer infrastructure or PCs.

The new privacy laws aim to update legislation to meet the reality of our new online world, including providing more accurate descriptions of the steps organisations need to take to ensure data privacy is protected.

What are the new data privacy laws?

The government has said the first raft of changes has been designed to close loopholes and address specific cybersecurity and data privacy concerns.

Here are some of the key changes to be aware of. 

AI transparency

Under the new laws, organisations must include information on their privacy policies about automated decision-making that could impact an individual’s rights or interests. 

Notably, this law is designed to provide transparency alone. Under the current changes, individuals do not have the right to be excluded from automated processing decisions or to request information about how these decisions are made. 

Statutory tort and doxxing

In an important change for cybersecurity, the Privacy Act now includes a statutory tort. This allows individuals to seek compensation if their privacy is impacted by a serious breach.

With this change, individuals can sue for misuse of information or even intrusion of seclusion, which might include being filmed in a private place. 

The new changes have also outlawed the practice known as ‘doxxing’ or ‘doxing’, which is the malicious and intentional release of personal information or private details without their consent. 

Those found guilty of doxxing can now face up to seven years in jail.

Handling of personal information

The new laws have also updated the ‘reasonable steps’ an organisation is expected to take to protect data privacy

This now includes both technical and organisational measures, meaning businesses need to have governance structures in place to protect data alongside cybersecurity protections. 

Overseas information

Another key change aims to facilitate disclosure of private information overseas. 

The government will designate specific countries with whom data can be shared without the need to comply with APP 8. The countries to which this applies will be required to have similar data laws and protections to our own.

This aims to make it easier for Australian organisations to enter into contracts with overseas organisations and allow for private information to be shared more rapidly among trusted groups.  

 

You can learn more about the amendments on the Department of the Attorney-General website.

Compliance is key

We don’t have to look far to see why noncompliance is not an option.

Of course, failing to adhere to regulations can leave you unnecessarily exposed, which can increase your risk of being breached. This puts your organisation and your customers — in danger. 

What’s more, companies who fail to meet regulations could be subject to investigation by the Information Commissioner

Under powers approved in May 2022, the Information Commissioner can hand down a fine of whichever is greater: $50 million, triple the value gained through information misuse or 30% of a company’s turnover in the relevant period. 

For businesses, the risk can even be existential.

MediSecure, which was the victim of a ransomware data breach earlier this year, went into administration just weeks after the attack, unable to recover from the financial and reputational damage.

With this in mind, now is a great time for organisations of all shapes and sizes to check their compliance with data privacy laws to secure their customers and themselves into the future.

Third-party considerations

While securing your own data is vital, it’s perhaps equally important to ensure that of your third party and partner organisations as well.

For instance, if you use event management software to run events, a customer relationship management (CRM) system to handle your sales data or even an email marketing platform to handle your communications, it’s likely that they will have access to some of your data.

To mitigate risk, it’s a good idea to only work with trusted vendors who are open and transparent about their cybersecurity and data privacy practices.

Unlike some other event management software providers, evexus prides itself on keeping all of your client’s data safe and secure.

One way we do this is by seeking the express consent of every attendee, ensuring they each individually opt-in to privacy policies, terms and conditions and any other necessary forms.

In contrast, many other systems allow a main registrant, such as someone completing a group registration, to opt in on their attendee’s behalf. This presents an unacceptable risk, as it is non-compliant with global privacy laws

What’s more, while we put privacy first, we don’t allow it to make your life hard. To make sure our registration process remains seamless, we allow you to send automatic consent opt-in emails to each attendee after a booking has been made so you can still reap the rewards of offering group registration.

Find out more

Protecting your data privacy is just one of the ways evexus’ event management software is designed for you. 

Learn more on our website or book a demo today.

More from the blog

October 31, 2024

Running better networking events

Looking for networking event ideas your attendees will love? Read on to discover our top tips for amazing networking events.

Read more
October 23, 2024

Member benefits: How associations can boost member value

Is your member value proposition compelling? We take a deep dive into the research to find the membership benefits that will keep them coming back.

Read more
October 16, 2024

Creating a great event feedback form

Are your post-event survey questions getting you the best bang for your event feedback form buck?

Read more
October 11, 2024

Event gamification: Does it really work?

Feeling lucky? Here’s how you can elevate your attendee experience with event gamification.

Read more
October 10, 2024

Event data analysis: Turning analytics into attendance

Find out what associations need to know about event data analysis and how they can leverage event data to boost success.

Read more
October 9, 2024

The Future of Event Technology: Looking to the Next Decade

Discover the characteristics of Gen Z and how to leverage them to attract young members and drive membership growth.

Read more
September 24, 2024

The gift of the gab: Public speaking tips from an expert

We spoke to Jon Yeo from TEDxMelbourne to get the inside scoop on the top public speaking tips and must-have skills for speakers.

Read more
September 16, 2024

Maximising ROI from Hybrid Events: Best Practices and Strategies

Discover the characteristics of Gen Z and how to leverage them to attract young members and drive membership growth.

Read more

Let’s build a complete solution for your next event.

We’d love to discuss how we can help you with the important elements for your event.

Book a demo with one of our event specialists today

Let us show you under the hood of evexus and how it has helped hundreds of event planners around the globe deliver content with ease.

Book a demo