The Future of Privacy Compliance?

Grant Thornton Head of Risk and Compliance Jo-Anne Hayes talks about the importance of having privacy policies around the onboarding and use of digital, online tools, pilots and free trials.

Would your company pass the Fair and Reasonable Test? “People have started saying ‘well, we shouldn’t just be thinking about could-we, but we should be thinking about should-we. And I think if you bundle up fair and reasonable, if you bundle up privacy as a human right, if you bundle up potential rights to claim against companies, that should-we questions could be your north star and your guiding light until we have actual legislation to live by.” – Lyn Nicholson, General Counsel, Holding Redlich. The Australian government has agreed in principle to many recommendations made in the review of the Privacy Act—one of which is the fair and reasonable test, which will require regulated entities to make an impact assessment before collecting personal data for products or services. Holding Redlich General Counsel Lyn Nicholson talks about the potential impact of the fair and reasonable test because it might not be a bad idea to use it as a guiding principle even though it is not a requirement…. yet. Resources • Government response to the Privacy Act Review Report: https://www.ag.gov.au/rights-and-protections/publications/government-response-privacy-act-review-report#:~:text=In%20its%20response%20to%20the,to%20best%20protect%20this%20information • Dymocks confirms 1.2 million customers shared on the dark web in data breach: https://www.abc.net.au/news/2023-09-15/dymocks-confirms-1-million-customers-details-leaked/102863820 • Data Breach could cost Medibank $ 35 million in 2024: https://www.itnews.com.au/news/data-breach-could-cost-medibank-35-million-in-2024-599566 • Equifax fined $13.4 million following data breach: https://www.cshub.com/attacks/news/equifax-data-breach-fine

Are there cultural challenges in your organisation? How are you measuring them? Are your solutions proactive or reactive? Have you developed a psychologically safe workplace? Ombpoint Managing Director Lindall West stresses, the importance of proactively approaching people risk in organisations. Resources Respect@ Work: https://www.respectatwork.gov.au/ Anti-Discrimination and Human Rights Legislation Amendment (Respect at Work) Bill 2022: https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/bd/bd2223a/23bd027#:~:text=The%20purpose%20of%20the%20Anti,2020)%20(the%20Report). Ombpoint: https://ombpoint.com/organisations-are-auditing-their-culture-and-conduct-are-you/

CCL Consultants Principal & Australian Compliance Institute Course Facilitator Bronwyn Gallacher talks about the Treasury Laws Amendment (More Competition, Better Prices) Bill and the impact that the increased maximum penalties could have on Qantas and other matters after the royal assent of the amendment. Resources Treasury Laws Amendment (More Competition, Better Prices) Bill 2022: https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6923 ACCC Takes court action alleging Quantas advertised flights it had already cancelled: https://www.accc.gov.au/media-release/accc-takes-court-action-alleging-qantas-advertised-flights-it-had-already-cancelled Record penalties of $438 million ordered against Phoenix Institute and CTI for acting unconscionably and misleading students: https://www.accc.gov.au/media-release/record-penalties-of-438m-ordered-against-phoenix-institute-and-cti-for-acting-unconscionably-and-misleading-students

GRC Solutions Head of Content Adrian Phoon talks about an upcoming webinar and future discussion groups to be conducted in conjunction with the Australian Compliance Institute. Register for The Compliance Webinar now!: https://thegrcinstitute.org/Events/eventdetail/2188 Have your say on future topics: https://www.surveymonkey.com/r/L9BFKG5 Event Description The Discussion Group will feature a range of guest speakers. The aim is to equip members with practical advice from subject matter experts and promote discussion and knowledge-sharing between peers. To launch the discussion group, we are offering a webinar event, that will be open to members and non-members. This webinar from 12-1pm on Monday 20 November. This is an opportunity for non-members to get an understanding of the topics we cover and how they might benefit from participating in discussion groups.

LexisNexis Head of Content Regulatory Compliance Kieran Seed, outgoing-Australian Compliance Institute CEO and Interim-Australian Compliance CEO discuss the state of financial crime-related risks and regulation through the lens of the Lexis Nexis Whitepaper, 2023-2024 AML-CFT Compliance Roadmap Leveraging ISO 37301. Download your copy of the 2023-2024 AML-CFT Compliance Roadmap Leveraging ISO 37301 now: https://www.lexisnexis.com.au/en/insights-and-analysis/research-and-whitepapers/2023/2023-2024-aml-cft-compliance-roadmap Resources CPS 230 Operational Risk Management: https://www.apra.gov.au/operational-risk-managementAPRA and ASIC commence joint administration of the new Financial Accountability Regime: https://www.apra.gov.au/news-and-publications/apra-and-asic-commence-joint-administration-of-new-financial-accountability ISO 37301: https://www.iso.org/standard/75080.html Related Financial Crime Podcasts AML & Financial Crime 2023 Wrap-Up: https://soundcloud.com/user-89551722-76965574/aml-financial-crimes-congress-wrap-up-1 AML & Financial Crime Congress 2022 & Sanctions: https://soundcloud.com/user-89551722-76965574/aml-financial-cirmes-congress-2022-sanctions Thinking about Board Education in AML Compliance: https://soundcloud.com/user-89551722-76965574/thinking-about-board-education-in-aml-compliance AML & Financial Crime Congress 2023 Presentation - Carolyn Hanson: https://soundcloud.com/user-89551722-76965574/aml-financial-crime-congress-2023-carolyn-hanson Other Related Podcasts Showing evidence in ISO37301: https://soundcloud.com/user-89551722-76965574/showing-evidence-in-iso-37301-draft The Ecosystem of FAR: https://soundcloud.com/user-89551722-76965574/the-ecosystem-of-the-far-draft-2

alteredstate Director Craig Chappell talks about productivity, efficiency and getting more time back for yourself. Don’t miss the Productivity + Workshop: Workload and Workflow Mastery! Register Now: https://thegrcinstitute.org/Events/eventdetail/2187 Event Details Productivity + Workshop: Workload and Workflow Mastery The Australian Compliance Institute is pleased to be able to provide access to this workshop by alteredstate for our members. With multiple competing priorities, juggling the compliance workload can be overwhelming and take up valuable time in itself. This workshop will help you manage the requests and demands on your time, freeing you up so you can achieve balance and clarity for your priorities. Balance is essential for your well-being, as the schedule for compliance deadlines only accelerates constantly. You need to be at your best to deliver your best. These workshops will take you through approaches to your workload and will be followed up by one-on-one coaching to ensure you are putting the lessons into practice. The structure of the sessions will be: • Workshop session one: 8 November – 10:30 am – 2:30 pm • Workshop session two: 15 November - 10:30 am – 2:30 pm 1:1 Coaching to start after 20 November. Register Now: https://thegrcinstitute.org/Events/eventdetail/2187

"Documentation of accountability is just the starting point; it is imperative that you can demonstrate that it is embedded in the BAU of your organisations. And remember, as businesses evolve, role changes and go into different areas of accountability--it's quite dynamic." Adder Rock Consulting Principal Richard Sheldon looks at the ecosystem around the Financial Accountability Regime. Resources CPS 511 Remuneration: https://www.apra.gov.au/sites/default/files/2021-08/Final%20Prudential%20Standard%20CPS%20511%20Remuneration%20-%20clean_0.pdf CPS 230 Operational Risk Management: https://www.apra.gov.au/sites/default/files/2022-07/Draft%20Prudential%20Standard%20CPS%20230%20Operational%20Risk%20Management.pdf CPS 234 Information Security: https://www.apra.gov.au/sites/default/files/cps_234_july_2019_for_public_release.pdf Financial Accountability Regime: https://www.apra.gov.au/financial-accountability-regime In Case You Missed It: Delegation of Compliance https://soundcloud.com/user-89551722-76965574/delegation-of-duty-in-compliance

The AML & Financial Crime Congress 2024: Connecting the Dots will be held on 15 May 2024. Until then, here is a session from this year's congress. At the AML & Financial Crime Congress 2023, Financial Crime Compliance Professional and Australian Compliance Institute member Carolyn Hanson discussed a practical approach to financial crime compliance in high-risk environments and jurisdictions. Enjoy! Register now for the AML & Financial Crime Congress 2024: Connecting the Dots - https://thegrcinstitute.org/Events/eventdetail/2185

Australian Compliance Institute Director Annette Donselaar closes GRC 2023 Conference in August, calling on risk and compliance professionals to step up.