Cloud icon
Judge gavel on a laptop, wooden background, top view. Online auction concept

Data security laws your business is probably breaking

As a business owner, you are required to protect your customer’s data from theft and misuse.

It makes it your job to ensure that your business stays up to date with the latest data security and privacy laws.

Failure to comply can result in fines of upwards of millions of dollars. 

Do you know the data security laws you have to comply with? If not, your business may be breaking a few even now. 

Data Security Laws

Australia regulates data privacy through a mix of federal, state and territory laws. Apart from Western Australia and South Australia, others have their own data protection bills applicable to both public and private businesses. 

Privacy Act 1988

The privacy act of 1988 is the principal data protection law in  Australia and it includes the Australian Privacy Principles (APPs).

The Privacy Act protects the handling of an individual’s personal information, including collecting, using, storing, and disclosing the said information in the private sector and the federal public sector. 

The law has been further amended in 2014 and 2017 to enhance the protection with the changing times. These changes are best reflected in the Notifiable Data Breaches scheme. Under the Notifiable Data Breaches (NDB) scheme any organisation or agency the Privacy Act 1988 covers must notify affected individuals and the Office of the Australian Information Commissioner (OAIC ) when a data breach is likely to result in serious harm to an individual whose personal information is involved. A data breach occurs when personal information an organisation or agency holds is lost or subjected to unauthorised access or disclosure. Entities that have existing obligations under the Privacy Act to secure personal information must comply with the NDB scheme. This includes Australian Government agencies, businesses and not-for profit organisations that have an annual turnover of more than AU$3 million, private sector health service providers, credit reporting bodies, credit providers, entities that trade in personal information and tax file number (TFN) recipients.

Lastly, in 2019, the Attorney-General of Australia announced that the government would be conducting a review as a part of the Australian Competition and Consumer Commission’s Digital Platforms Inquiry. 

Information Privacy Act

In 2014, serious amendments were made in the Privacy Act of 1988 in several sectors, including, digital marketing, collection of unsolicited personal data, privacy collection statements and privacy policies, disclosure of personal information outside Australia, and credit reporting.

Repeated and serious interferences will also incur a substantial penalty according to the recent revisions. 

Man working with a computer, General Data Protection Regulation and European Union flag

Workplace Privacy Act 2011

The Workplace Privacy Act of 2011 regulates the collection and usage of workplace surveillance information in the Australian Capital Territory. This also includes the monitoring of data and computer use.

Privacy and Personal Information Protection Act 1998

The Privacy and Personal Information Protection Act 1998 (New South Wales) applies to state government agencies, statutory or declared authorities, the police service and local councils. It solely deals with how New South Wales government agencies manage personal information. 

Personal Information Protection Act 2004

The Personal Information Protection Act allows a person to access personal information held by a public authority, body, organisation, or a person who has entered a contract.

However, this law is subordinate to the Right to Information Act which takes precedence over the PIP act. 

Information of Privacy Act 2009

According to the Queensland Information Privacy Act 2009, an individual can have their data collected.

However, it has to be in accordance with specific rules or privacy principles. The act governs how Queensland government agencies collect, store and use personal information. 

Privacy and Data Protection Act 2014

The Privacy and Data Protection Act protects personal information held by Victorian government organisations.

This act was developed to control how government bodies, public sector organisations, and contracted service providers use personal and customer information. It also applies to data stored on computers. 


These are some of the critical data security laws you need to be aware of. Due to the ever evolving nature of cybercrime businesses need to partner with cybersecurity experts to ensure they understand legislative requirements, policy changes and the tools and training that they need to protect their organisations.

Ensure that your business is compliant with data security laws by talking to our team of data security specialists.

Cloud Voice & Data