Maddocks has launched a new data and privacy tool to assist clients with managing privacy risks under the Privacy Act 1988 (Cth) (Privacy Act) and the 13 Australian Privacy Principles (APPs) – and to prepare for proposed changes to these laws.
ADAPT by Maddocks (Australian Data and Privacy Tool) is a digital tool in BETA form that has been developed to efficiently gather information about an organization’s personal information handling practices, policies, processes, and organizational measures through a survey and mapping data tool, to identify key compliance gaps.
Maddocks Privacy and Cyber Partner and project sponsor Sonia Sharma said: “From our extensive work with clients, we know businesses must have a baseline understanding of their current information handling practices and current compliance measures across their organization. A clear understanding is key to proactively managing privacy compliance risks and improving privacy compliance maturity.
“We know that organizations want to do the right thing, but many simply do not know where to start, and the task of privacy compliance can feel overwhelming. We turned our proven training, education, information gathering, and gap analysis methodology into ADAPT. We saw the need for a solution to quickly help organizations understand their current compliance with the Privacy Act and the APPs.
“Following the recent large-scale data breaches, the conversation around privacy has moved from the parliament to the pub. Community expectations have changed, and so have the laws. Not complying with these obligations can lead to penalties of over $50 million for serious or repeated breaches. The reputational damage from losing digital trust from customers and other stakeholders can be immense.”
Developed with assistance from the firm’s innovation program, Maddocks Innovus, the tool’s introduction comes as the federal government is expected to announce wide-ranging reforms to Australia’s Privacy Act. Sharma says while some organizations are prepared, others have yet to implement the basic measures required to comply with future changes to the law or even the current state of play.
“The OAIC has clearly stated that the mandatory data breach regime under our Privacy Act is mature, yet we still find organizations that don’t have a data breach response plan or have one that falls well short of regulatory expectations. While the OAIC expects organizations to conduct Privacy Impact Assessments for new projects, many organizations don’t have a framework in place for conducting these,” Sharma said. “All are mandated in some way or are expected to come into play as part of the Privacy Act reforms.”
In addition to their obligations under the Privacy Act, corporate regulator ASIC has warned boards and executives of the potential for legal action if they were recklessly unprepared for cyberattacks.
Also Read: Why Identity Security Should Be the Foundation of Modern Cybersecurity
“We developed the tool based on years of practical experience in helping our clients with our detailed understanding of the legislation, regulatory environment, and experience on the front line of data breaches,” Sharma said. “With Australia now considered a ‘soft target’ globally, the stakes are higher than ever. We wanted to provide the market with an efficient and effective solution for managing risks in a way that is fit for purpose for the size and scale of the organization. I hope that ADAPT by Maddocks will help organizations feel empowered rather than overwhelmed and allow them to develop a clear plan for improving their privacy compliance.”
