Full Privacy Act 2020 compliance review, with schedule of amendments as follows:
IPP/Requirement | Amendment |
IPP 1–4 (Collection) | Added necessity statement, lawful purpose, source of collection, and explicit purpose statement |
IPP 5 (Security) | Expanded security measures to include protection against "loss, unauthorised access, use, modification, or disclosure" |
IPP 6 (Access) | Added 20 working day response timeframe and right to information in understandable form |
IPP 7 (Correction) | Added formal correction rights and right to attach statement of correction if declined |
IPP 9 (Retention) | Added specific retention periods (7 years transactions, 2 years communications, 26 months analytics) |
IPP 11 (Disclosure) | Expanded lawful bases for disclosure with statutory language |
IPP 12 (Overseas) | Added cross-border data transfer disclosure and safeguards |
IPP 13 (Unique identifiers) | Added new section addressing unique identifier obligations |
Part 6 (Breach notification) | Added mandatory breach notification section with OPC and individual notification requirements |
Complaints pathway | Added escalation to Office of the Privacy Commissioner with contact details |
Agency details | Added YJ Consulting contact details at the outset as required by IPP 3 |
Made with Bullet