Privacy Act Compliance and Audits

Vectra's privacy services are here to help ensure you're acting within the law and protecting your data.

The thirteen Australian Privacy Principles outlined in the Privacy Act, indicate how APP entities must handle, use and manage personal data.

Learn More
Dots Private documents in drawer

Australian Privacy Act

The Australian Privacy Act 1988 creating a uniform set of Privacy Principles called the Australian Privacy Principles (APP). It was last updated in March 2014.

The Office of the Australian Information Commissioner expects entities to take reasonable steps to comply with the Act.

The legislation applies to APP entities which include:

  • Most Australian and Norfolk Island Government agencies
  • All private sector and not-for-profit organisations with an annual turnover of more than $3 million
  • All private health service providers
  • Some small businesses

Privacy Principles

Thirteen privacy principles are outlined in the Privacy Act.

These cover legal responsibilities around:

  • Liability of an organisation for proper data governance
  • Handling of personal data
  • Ensuring an individual’s data is correct
  • People having an access to their own data

As these are based on law, rather than the law itself, businesses have flexibility as to how they do this. Ultimately, businesses must ensure no data breaches occur as it can lead to lead to regulatory action.

Compliance with the Act

Vectra’s privacy audits, assess procedures and policies to ensure entities are meeting their APP obligations.

For business integrity, it is important personal data is handled securely to avoid any attacks and stolen data.

Here at Vectra, our privacy assessments are in depth as we understand the importance of data security.

To ensure privacy compliance we review procedures and policies around:

  • Openly managing personal data
  • How individuals are provided with the option of not identifying themselves.
  • The collection of personal or ‘sensitive’ information.
  • Circumstances an entity must notify an individual of certain matters
  • When an entity may use or disclose personal information that it holds.
  • When to use or disclose personal data for direct marketing.
  • Personal data before it is disclosed overseas.
  • When an individual requests access to their personal data.
  • Correction of personal data

If Vectra does find weaknesses, we will suggest a privacy remediate process to ensure your organisation is following the APPs.