Australia

Australia’s cybersecurity legislation is intended to safeguard businesses and consumers from internet dangers. The Australian Cyber Security Centre (ACSC) is in charge of establishing and implementing cybersecurity policies in Australia. The ACSC collaborates with the commercial sector, academia, and international partners to enhance cybersecurity risk awareness and promote best practises. Businesses in Australia are required by law to take measures to protect their data and systems against cyber assaults. These precautions include using secure passwords, encrypting data, and backing up files on a regular basis. Failure to put these procedures in place might result in hefty financial penalties. Businesses in Australia are also required by law to report data breaches to the ACSC. This helps to guarantee that incidents are examined and that preventative measures are implemented.

Eshield Provides a wide range of services to our Australian clients including but not limited to:

  • Australian Privacy Principles (APPs): The Australian Privacy Principles (APP) guidelines outline the mandatory requirements of the APPs, how we’ll interpret the APPs, and matters we may take into account when exercising our functions and powers under the Privacy Act 1988 (Privacy Act). Both the APPs and the APP guidelines apply to any organisation or agency the Privacy Act covers. The Privacy Act covers Australian Government agencies and organisations with an annual turnover of more than $3 million and some other organisations. Reference
  • The Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (Cth) (AA Act): The Australian Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (Cth) (AA Act) is a polarising piece of legislation. From one perspective, it is a draconian anti-encryption law that potentially enables Australian agencies to compel companies to ‘build surveillance backdoors into their encrypted products and services. From another, it is a measured response to the ‘going dark’ issue that ‘does not allow for … the creation of decryption capabilities [or] the implementation of so-called ‘backdoors’. Reference
  • Consumer Data Right (CDR): The Consumer Data Right is a world-leading data sharing and portability initiative. Every time a consumer purchases or uses a product or service, valuable data is generated about them. In the past, this data was exclusively held by the product or service provider. With the introduction of the Consumer Data Right, cxonsumers can choose whether to share their data, who they want to share it with, and for how long. The Consumer Data Right also requires businesses to share data about the products and services they offer in a standardised way. This makes it easier to compare offers. Reference
  • PCI DSS: The PCI Security Standards Council (PCI SSC) is a global forum that brings together payments industry stakeholders to develop and drive the adoption of data security standards and resources for safe payments worldwide. The PCI SSC’s mission is to enhance global payment account data security by developing standards and supporting services that drive education, awareness, and effective implementation by stakeholders. We achieve this with a strategic framework to guide our decision-making process and ensure that every initiative is aligned with our mission and supports the needs of the global payments industry. Reference
  • CPS 234: CPS 234 is an information security law that is meant to protect regulated organizations from cyberattacks and other security threats. Furthermore, when a clear data breach or other security event is identified, firms must respond quickly. Cyberattacks are becoming more frequent, complex, and damaging, and criminals are continually upgrading their efforts to destroy systems, networks, and information. CPS 234 requires entities regulated by APRA to maintain information security systems and practices that are appropriate for the dangers they face in order to decrease risk and improve cybersecurity. It also requires businesses to employ supplier risk management practices in order to limit the frequency and severity of third-party accidents.

Not just these we also specialize in State wise information security and Data Privacy laws.

  • Information Privacy Act 2014 (Australian Capital Territory): The Information Privacy Act 2014 (ACT), which commenced on 1 September 2014, introduced new privacy laws for Australian Capital Territory public sector agencies. The Information Privacy Act introduced the Territory Privacy Principles, which set out standards for handling personal information. They’re similar to the APPs. Reference
  • Information Act 2002 (Northern Territory): The Information Act 2002 combines laws related to privacy, freedom of information, and public records in one Act. This Act only applies to records created by the Northern Territory government and NT government agencies. Access to non-government and Commonwealth records is covered by other legislation. The Information Act is applied to, and supports, applications to access personal records related to time in care in the Northern Territory. Reference
  • Privacy and Personal Information Protection(PPIP) Act 1998 (New South Wales): The Privacy and Personal Information Protection Act 1998 (PPIP Act) outlines how New South Wales (NSW) public sector agencies manage personal information and the functions of the NSW Privacy Commissioner. Agencies that are bound by the PPIP Act are NSW public sector agencies, statutory authorities, universities, NSW local councils, and other bodies whose accounts are subject to the Auditor General. Reference
  • Information Privacy Act 2009 (Queensland): The primary object of this Act is to provide for (a) the fair collection and handling in the public sector environment of personal information; and (b) a right of access to, and amendment of, personal information in the government’s possession or under the government’s control unless, on balance, it is contrary to the public interest to give the access or allow the information to be amended. Reference
  • Personal Information Protection Act 2004 (Tasmania): The collection, maintenance, use and disclosure of personal information relating to individuals is regulated by the Personal Information Protection Act 2004 (PIP Act). The Act places specific obligations upon personal information custodians for this purpose. Under the PIP Act, the public authority is the custodian of personal information related to its functions and activities. Reference
  • Privacy and Data Protection Act 2014 (Victoria): The purposes of this Act are (a) to provide for responsible collection and handling of personal information in the Victorian public sector; and to provide remedies for interferences with the information privacy of an individual; and (c) to establish a protective data security regime for the Victorian public sector; and (d) to establish a regime for monitoring and assuring public sector data security; and (e) to establish the Commissioner for Privacy and Data Protection; and to repeal the Information Privacy Act 2000 and the Commissioner for Law Enforcement Data Security Act 2005 and make consequential amendments to other Acts. Reference

Our services include consulting, assessment, and support services.

Please visit our Services page for a full range of services offered, and for more info: Contact us