Assure your customers their data is safe with you
Protect your customers and your business with the Data Trust Platform.
An analysis of Western Australia's upcoming Privacy and Responsible Information Sharing (PRIS) legislation, comparing it with similar privacy laws to enable organizations to get a head start on preparing for the law.
This post has been updated to reflect that the legislation has been submitted to Parliament, as well as the release of the Information Management Framework for WA Government in May 2024.
Organizations committed to safeguarding their customers’ sensitive information need to be proactive. As the data privacy regulatory landscape evolves, preparing before a regulation goes into effect helps organizations meet their obligations and maintain compliance.
At RecordPoint, we’re committed to helping customers comply with data privacy laws from federal and state governments, including the upcoming Privacy and Responsible Information Sharing (PRIS) legislation in Western Australia (WA). But the first step in compliance is understanding.
While PRIS has yet to be finalized, we can get a head start on our response by reviewing the features of the law and comparing it to similar laws. Let's first take a closer look at the high-level features of PRIS.
According to the Western Australian government, PRIS aims to modernize privacy safeguards and enhance transparency and accountability in government information sharing. This will establish a robust data privacy system that effectively protects the personal information of Western Australians.
The proposed new laws in Western Australia will focus on several areas of reform, including:
You can access a helpful fact sheet on the upcoming legislation here.
To ensure the successful implementation of these privacy measures, the government plans to appoint a Privacy Commissioner and a Chief Data Officer, alongside establishing a mandatory breach notification scheme, providing increased oversight, accountability, and penalties for non-compliance.
While some organizations may delay addressing their privacy practices until the legislation is finalized, the urgency of addressing these ongoing issues cannot be overstated. Although we don't yet have all the details of the upcoming PRIS reforms, Western Australian-based organizations should look to other legislation to get a head start.
If we use the Australian Privacy Principles (APPs) as a guide, there are some key areas that you can focus on to get ready for the introduction of the new legislation.
APP 9 places restrictions on organizations concerning the adoption, use, and disclosure of government-related identifiers. To handle government-related identifiers in a compliant manner, you need to know which government-issued personally identifiable information (PII) you hold.
Organizations must diligently identify and safeguard government-issued identifiers such as Medicare numbers, tax file numbers, and driver's license numbers in their data.
The RecordPoint Platform enables organizations to detect this sensitive data, allowing customers to protect what matters and remove the rest.
Through an analysis of millions of records, we've identified some key trends that shed light on the rates of personal information that may be present in your organization's repositories. Of the records we analyzed, half had some form of PII, and 10% of those records contained critical PII such as passport numbers, social security numbers, and driver's licenses. It's clear most organizations need help managing their PII. See our full report on the rates of PII and PCI here.
APP 11 states that organizations must take reasonable steps to protect personal information they hold from misuse, interference, and loss, as well as from unauthorized access, modification, or disclosure. Organizations are also obligated to destroy or de-identify personal information in certain circumstances.
By maintaining a comprehensive data inventory, entities can enhance their ability to monitor, control, and respond to potential risks, thus fortifying their defense against privacy breaches. This underscores a proactive approach to privacy management, requiring entities to assess the ongoing necessity of retaining certain data and responding appropriately to mitigate risks associated with prolonged storage.
APP 12 mandates that organizations holding personal information must provide individuals access to their data upon request.
By maintaining a comprehensive inventory of the data they hold, organizations can more effectively respond to consumer requests for access to their personal information. This not only ensures compliance but also fosters transparency and trust between organizations and their customers.
In the aftermath of a data breach, swift and strategic action is paramount. One of the critical steps in this process is the identification of compromised data and a comprehensive understanding of its implications. This knowledge not only forms the basis for an effective response but is also essential in meeting legal requirements, particularly mandatory data breach notification schemes like the one that will be introduced in Western Australia.
By leveraging the capabilities of the RecordPoint Platform, organizations can transform their data breach response from a reactive scramble to a proactive, well-informed process. It's not just about responding to incidents; it's about doing so while ensuring compliance with legal frameworks, and, most importantly, safeguarding the trust and privacy of stakeholders.
The upcoming legislation will place significant emphasis on governing inter-departmental data sharing with the introduction of 'Responsible Sharing Principles' (RSPs). The primary goal? Safeguarding the personal information of Western Australians while optimizing the delivery of services to the WA public.
In May 2024, Western Australia released the Information Management Framework for WA Government. The framework is designed to guide WA agencies as they navigate the upcoming legislation, regulations, policies, standards and strategies that will govern information management. Implementation of this framework will ensure agencies are able to maintain their compliance posture, and that they're well positioned to meet the state's incoming privacy laws.
On May 16, 2024, the PRIS Bill was submitted to Parliament.
A crucial step to ensuring compliance with regulation is maintaining a comprehensive understanding of the information held, how it's stored, and who has access to it. This is where a data inventory tool becomes invaluable. By categorizing records containing personal information, you can identify redundant or outdated data, facilitating its secure destruction when no longer required. This proactive approach not only reduces the risk and impact of data breaches but also ensures that personal information is retained only for as long as necessary.
RecordPoint can help organizations redefine how they approach data governance. It's not just about meeting legal requirements; it's about doing so in a way that prioritizes privacy, upholds responsible privacy principles, and contributes to a more efficient and secure information exchange landscape for the benefit of all Western Australians.