Data Security
The Australian Privacy Principles (or APPs) are the cornerstone of the privacy protection framework in the Privacy Act 1988 (Privacy Act in Australia). There are 13 Australian Privacy Principles that control rights, standards and obligations relating to:
- personal information collection, use, and disclosure
- an organisation or agency’s governance and accountability
- integrity and correction of personal information
- the rights of individuals to access their personal information
India also, in a recent judgment of the Hon’ble Supreme Court declared the right to privacy as a fundamental right and has provided much-needed push for introducing a robust and comprehensive data protection legislation in India Accordingly a data privacy Bill was introduced in Lok Sabha (lower house) on 11th December, 2019, and is being currently being analyzed by Joint Parliamentary committee and will be passed soon. The bill is on the line of Australian privacy principles and its main aim is to protect fundamental right to privacy.
Key Responsibilities
AcoBloom International’s clients generally are data controllers or data processors, while AcoBloom acts as a data processor or data sub processor.
The data controller determines the legal means and purpose of processing of personal data of the data subject, while data processor processes the personal data on behalf of data controller or where we are data sub-processor, we process data on behalf of data processor. Although generally, data controllers are responsible for data privacy compliance, but we as data processor or data sub-processor consider ourselves as equally responsible for implementing organizational and Data security policies enabling privacy by design and default, demonstrating that data processing at our end is secured and protected enabling data controllers or data processors as applicable to be fully confident about data privacy and security while sharing their or their client’s data.
Data or Cyber security is of utmost importance to AcoBloom, we have carried out the process of identifying the risk, implementing the security controls to mitigate risk in terms of physical security, Network security, Human resource training and confidentially and work from home security measures. Our data security policy is based on the lines of Information Security Manual (ISM) of the Australian Cyber Security Centre (ACSC). In addition to ACSC, we have also finetuned our data security policies as per the guidance provided by south Australian information security management framework.
Our Data security and privacy strategy is divided into:
- Our Approach towards data Privacy and security.
- Data Privacy and Data Protection methodology and measures. We have full – fledged Information security management system manual to ensure that we conduct our activities in such a way we use the information for law full purpose, and the information assets are optimally protected in accordance with the principles of security, availability, processing integrity, confidentiality and privacy.
- Business Continuity Plan.
- Our Commitment towards data privacy and data security.