Privacy Act Compliance
Comply with the principles set out under the current Privacy Act
The Australian Privacy Principles (APPs) in the Privacy Act outline how most Australian and Norfolk Island Government agencies, all private sector and not-for-profit organisations with an annual turnover of more than $3 million, all private health service providers and some small businesses (collectively called ‘APP entities’) must handle, use and manage personal information.
The Australian Privacy Act came into effect in March 2014, creating a uniform set of Privacy Principles called the Australian Privacy Principles (APP). The OAIC (Office of the Australian Information Commissioner) expects entities to take reasonable steps to comply with the Act. The legislation applies to all government and private sector organisations with revenue exceeding $3m, which can face penalties up to $1.7m for breaching Australian privacy laws.
Vectra’s Privacy Act Compliance service is an assessment of procedures and policies to ensure entities are meeting APP obligations. Here are some examples of the assessment tasks:
- Review procedures that manage personal information in an open and transparent way.
- Review how individuals are provided the option of not identifying themselves, or of using a pseudonym.
- Review procedures related to collection of personal information and collection of ‘sensitive’ information.
- Review procedures related to unsolicited personal information.
- Review procedures related to the circumstances in which an entity must notify an individual of certain matters.
- Review procedures related to the circumstances in which an entity may use or disclose personal information that it holds.
- Review procedures related to use or disclosure of personal information for direct marketing purposes.
- Review the steps that must be taken to protect personal information before it is disclosed overseas.
- Review procedures to determine whether obligations are met when an individual requests to be given access to personal information held about them, including the requirement to provide access unless a specific exception applies.
- Review procedures to address obligations in relation to correcting the personal information an entity holds about individuals.
Why choose Vectra Corporation?
Vectra was the first Australian company to be certified as a Qualified Security Assessment Company (QSAC) by the PCI Security Standards Council when it was formed in 2006. Since that time we’ve assisted thousands of organisations of all sizes in sectors including retail, financial services, insurance, transport, banking, credit unions, building societies, utilities, gaming and third-party hosting and service providers. We have a number of Qualified Security Assessors, both in-house and working remotely, who can help you to meet all requirements of the standard from start to finish.