Eshield provides information security services to our Australian clients; this is one of our key services. The cybersecurity legislation in Australia intends to safeguard businesses and consumers from internet dangers. The Australian Cyber Security Centre (ACSC) establishes and implements cybersecurity policies in Australia. The commercial sector, academia, and international partners collaborate with the ACSC to enhance cybersecurity risk awareness and promote best practices. Australian businesses must take measures to protect their data and systems against cyber assaults as required by law. These measures include using secure passwords, encrypting data, and regularly backing up files. Failure to implement these procedures may result in hefty financial penalties. Additionally, Australian businesses are obligated by law to report data breaches to the ACSC, ensuring that incidents are investigated and preventive measures are implemented.
Eshield provides a wide range of cyber security services to our Australian clients, including but not limited to:
Australian Privacy Principles (APPs):
The APP guidelines outline the mandatory requirements of the Australian Privacy Principles (APPs). They provide interpretation of the APPs and consider relevant matters when exercising our functions and powers under the Privacy Act 1988 (Privacy Act). Both the APPs and the APP guidelines apply to any organization or agency covered by the Privacy Act. The Privacy Act covers Australian Government agencies, organizations with an annual turnover exceeding $3 million, and certain other organizations.
The Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (Cth) (AA Act):
The Australian Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 (Cth) (AA Act) polarizes opinions. Some view it as a draconian anti-encryption law that could potentially compel companies to build surveillance backdoors into their encrypted products and services. Others see it as a measured response to the “going dark” issue, which does not permit the creation of decryption capabilities or the implementation of so-called “backdoors.”
Consumer Data Right (CDR):
The Consumer Data Right is a world-leading data sharing and portability initiative. Every time a consumer purchases or uses a product or service, valuable data is generated about them. In the past, this data was exclusively held by the product or service provider. With the introduction of the Consumer Data Right, consumers can choose whether to share their data, who they want to share it with, and for how long. The Consumer Data Right also requires businesses to share data about the products and services they offer in a standardized way. This makes it easier to compare offers.
The PCI Security Standards Council (PCI SSC) is a global forum that brings together payments industry stakeholders. It develops and drives the adoption of data security standards and resources for safe payments worldwide. The PCI SSC’s mission is to enhance global payment account data security by developing standards and supporting services that drive education, awareness, and effective implementation by stakeholders. In order to achieve this, we provide PCI compliance consulting services, utilizing a strategic framework to guide our decision-making process. This framework ensures that every initiative is aligned with our mission and supports the needs of the global payments industry.
CPS 234 is an information security law that is meant to protect regulated organizations from cyberattacks and other security threats. When a clear data breach or other security event is identified, firms must respond quickly. Cyberattacks are becoming more frequent, complex, and damaging, and criminals are continually upgrading their efforts to destroy systems, networks, and information. CPS 234 requires entities regulated by APRA to maintain information security systems and practices that are appropriate for the dangers they face in order to decrease risk and improve cybersecurity. It also requires businesses to employ supplier risk management practices in order to limit the frequency and severity of third-party incidents.
Beyond these, we also specialize in state-specific information security and data privacy laws.
Information Privacy Act 2014 (Australian Capital Territory):
The Information Privacy Act 2014 (ACT), which became effective on 1 September 2014, implemented new privacy laws that specifically apply to Australian Capital Territory public sector agencies. This act also established the Territory Privacy Principles, which define standards for the handling of personal information. These principles resemble the Australian Privacy Principles (APPs).
Information Act 2002 (Northern Territory):
The Information Act 2002 combines laws related to privacy, freedom of information, and public records into a comprehensive Act. This Act has a specific scope that applies solely to records created by the Northern Territory government and NT government agencies. Access to non-government and Commonwealth records is governed by separate legislation. The Information Act plays a crucial role in supporting and regulating applications for accessing personal records related to the time spent in care within the Northern Territory.
Privacy and Personal Information Protection (PPIP) Act 1998 (New South Wales):
The Privacy and Personal Information Protection Act 1998 (PPIP Act) defines the management of personal information by New South Wales (NSW) public sector agencies and establishes the functions of the NSW Privacy Commissioner. NSW public sector agencies, statutory authorities, universities, NSW local councils, and other bodies whose accounts are audited by the Auditor General are all bound by the provisions of the PPIP Act.
Information Privacy Act 2009 (Queensland):
The primary object of this Act is to provide for (a) the fair collection and handling in the public sector environment of personal information; and (b) a right of access to, and amendment of, personal information in the government’s possession or under the government’s control unless, on balance, it is contrary to the public interest to give the access or allow the information to be amended.
Personal Information Protection Act 2004 (Tasmania):
The collection, maintenance, use and disclosure of personal information relating to individuals is regulated by the Personal Information Protection Act 2004 (PIP Act). The Act places specific obligations upon personal information custodians for this purpose. Under the PIP Act, the public authority is the custodian of personal information related to its functions and activities.
Privacy and Data Protection Act 2014 (Victoria):
This Act aims to:
- Ensure responsible collection and handling of personal information within the Victorian public sector.
- Provide remedies for interferences with individuals’ information privacy.
- Establish a protective data security regime for the Victorian public sector.
- Establish a regime for monitoring and assuring data security within the public sector.
- Establish the Commissioner for Privacy and Data Protection.
- Repeal the Information Privacy Act 2000 and the Commissioner for Law Enforcement Data Security Act 2005, while making consequential amendments to other Acts.