Understanding the Privacy Act Review: Its Impact on Nonprofits, Medical, and Education Sectors

In February 2023, the Privacy Act Review Report was released after two years of extensive consultation and review of the Privacy Act 1988 (Cth). It included proposed reforms aimed at strengthening the protection of personal information and the control individuals have over their information.

But what does this actually mean for you?

Building on our previous discussion in the ‘Essential 8 vs. Privacy Act’ article, we explore the nuances of the Privacy Act Review and its implications, particularly for the nonprofit, medical, and education sectors.


What is the Privacy Act?

The Privacy Act review, initiated in Australia, was designed to update privacy laws in light of technological advancements. It focuses on data handling, individual rights, organisational accountability, and regulatory enforcement, ensuring that privacy laws stay relevant.


Report Definitions: “Agreed” vs “Agreed in Principle”

“Agreed” Proposals

When the government agrees to a proposal, it means that they have committed to developing legislative provisions for these measures. This agreement is more definitive, indicating a clear intention to enact the proposed changes.

“Agreed in Principle”

This indicates a provisional agreement subject to further engagement and analysis. It means that while the government supports the idea behind the proposal, it requires more detailed examination, impact analysis, and consultation with regulated entities. This is to ensure a balanced approach, considering both privacy benefits and the potential economic and regulatory impacts on entities.


Timeline and Next Steps

The review process involved evaluating the pros, cons, and costs of various proposals. This led to the modification of some proposals, the discontinuation of others, and the introduction of new ones. Some proposals haven’t been subject to stakeholder feedback yet and will need further discussions before they can be implemented. Considering the comprehensive steps of consultation, impact assessment, and legislative development, it’s anticipated that the actual implementation of these changes might not take place until late 2024 or later.


How the Privacy Act Review Affects Non-Profits

Here is a collection of principles that could impact non-profits and potential use cases:

Agreed In Full / Agreed In Principle
Protection of De-identified Information (Proposal 21.4): A domestic violence support centre safeguards de-identified client data.

New Tiers of Civil Penalty Provisions (Proposal 25.1 & 25.2): A mental health service provider could face penalties for mishandling client data.

Consent for Geolocation Tracking Data (Proposal 4.10): An app by a homeless support organisation gets explicit consent for tracking location data.

Standard Contractual Clauses for Overseas Data Transfer (Proposal 23.3): Organisations ensure the protection of sensitive data when sharing with international partners.

Sensitive Information: Support services dealing with genetic disorders must ensure robust consent processes and secure data handling.

Fair and Reasonable Information Handling: Charities must ensure the fair use of personal stories and data in campaigns.

Vulnerability Protections: Services supporting vulnerable groups like domestic violence survivors must handle data with additional care.

Organisational Accountability: A privacy officer is needed to ensure data protection and handle privacy inquiries or complaints.


How the Privacy Act Review Affects the Medical Industry

Here is a collection of principles that could impact medical and healthcare organisations and potential use cases:

Agreed In Full / Agreed In Principle
Purpose Identification for Consent (Proposals 14.2 & 14.3): A clinic must transparently state why it’s collecting patient data, such as for treatment, billing, or sharing with specialists.

Amendment to Objects of the Act (Proposals 3.1 & 3.2): Healthcare providers must balance patient care with the individual’s right to privacy.

Protection of De-identified Information (Proposal 21.4): Hospitals protect de-identified patient data from potential misuse or re-identification.

Enhanced OAIC Guidance for Data Destruction and De-identification (Proposal 21.5): Medical practices follow detailed guidelines for destroying or de-identifying patient health records.

New Tiers of Civil Penalty Provisions (Proposal 25.1 & 25.2): Clinics could face penalties for improper handling of patient data or administrative breaches.

Consent for Geolocation Tracking Data (Proposal 4.10): Healthcare apps require explicit consent from users before tracking their precise location data.

Emergency Declarations and Information Disclosure (Proposal 5.4 & 5.5): In health crises, hospitals may need to disclose patient information to state authorities under emergency declarations.

Standard Contractual Clauses for Overseas Data Transfer (Proposal 23.3): Medical research institutes use standard contractual clauses when sharing patient data overseas.

Requirement for Redress in Privacy Breaches (Proposal 25.5 & 25.6): Healthcare facilities must provide redress for harm caused by data breaches, including mitigating any potential damage.

Clarification of Personal Information: Hospitals must consider data like IP addresses from online consultations as personal information.

Sensitive Information: Genetic testing labs must implement heightened security measures, like encryption and strict access controls, for genomic data.

Small Business Exemption Removal: Small clinics will now need comprehensive privacy policies and data protection practices.

Fair and Reasonable Information Handling: Patient data used for research must be transparent and within ethical guidelines.

Enhanced Data Breach Obligations: Hospitals must report breaches within 72 hours to authorities and affected patients.

Organisational Accountability: A privacy officer in a healthcare provider must oversee data handling and staff training on privacy policies.

High Privacy Risk Activities: New patient data systems require Privacy Impact Assessments before use.

Automated Decision-Making (ADM) Policies: Telehealth apps using ADM must clearly disclose how decisions impact patient care.

Direct Marketing, Targeting, and Trading: Pharmaceutical companies must comply with strict rules for marketing based on healthcare professionals’ data.

Children’s Privacy: Paediatric services must ensure digital platforms comply with new rules on children’s data.

Vulnerability Protections: Hospitals need extra data protection measures, e.g. encryption, for patients with mental health issues.

Simplification of Terms and Obligations: Healthcare IT providers need clear distinctions in their roles as data processors or controllers.

Overseas Data Flow Regulations: Research firms must use standard contractual clauses for international data sharing.

Expanded Individual Rights: Patients can ask hospitals to delete or explain the use of their medical records.


How the Privacy Act Review Affects the Education Sector

Here is a collection of principles that could impact the education sector and potential use cases:

Agreed In Full / Agreed In Principle
Purpose Identification for Consent (Proposals 14.2 & 14.3): A high school clearly states why it’s collecting personal information, like health records or educational support services.

Amendment to Objects of the Act (Proposals 3.1 & 3.2): A primary school ensures the protection of student and parent information, aligning educational needs with privacy rights.

Enhanced OAIC Guidance for Data Destruction and De-identification (Proposal 21.5): Schools adhere to guidelines on securely destroying or de-identifying records, such as counselling notes.

Emergency Declarations and Information Disclosure (Proposal 5.4 & 5.5): Schools may disclose student information to authorities in emergencies under specific conditions.

Requirement for Redress in Privacy Breaches (Proposal 25.5 & 25.6): Schools are required to identify, mitigate, and provide remedies for any harm caused by a data breach.

Clarification of Personal Information: Schools handling online learning data must treat technical details, such as login information, as personal information.

Small Business Exemption Removal: Small tutoring services must ensure compliance with the Privacy Act, including data protection and breach notification.

Enhanced Data Breach Obligations: Schools must rapidly inform parents and authorities of any data breaches, adhering to the 72-hour notification rule.

High Privacy Risk Activities: Schools implementing student tracking systems must evaluate privacy risks beforehand.

Automated Decision-Making (ADM) Policies: Learning platforms using ADM for student paths need transparent data use policies.

Direct Marketing, Targeting, and Trading: Educational apps must adhere to new regulations on targeted advertising to students.

Children’s Privacy: Schools need to safeguard children’s data on educational platforms, avoiding improper collection or use.

Simplification of Terms and Obligations: Educational software companies must understand their data handling roles when providing services to schools.

Overseas Data Flow Regulations: Universities collaborating internationally must ensure appropriate data transfer agreements.

Expanded Individual Rights: Parents and students can request schools to delete or detail the use of their personal data.


Where to from here?

Understanding these changes and preparing for their implementation is crucial for non-profits, healthcare providers, and educational institutions. The Privacy Act also plays a vital role in cyber security, but it’s not often discussed as part of a robust cyber security strategy.

Unlike others who solely focus on the Australian Cyber Security Centre’s Essential 8 framework, our cyber security solution, CyberShield, goes above and beyond that framework. CyberShield is a unique offering focused on compliance and governance measures, coupled with robust security tools and managed IT Services. The solution is also tailored according to your industry requirements.

Discuss your industry requirements and book a consultation with the team today.



C-Suite & Board Training: Because it all starts at the top!

Take your first step towards a stronger, more secure and compliant business by registering your interest for our half-day certified C-Suite & Board training. We’ll cover:

  • Data security and privacy compliance
  • Potential risks to your business and how to address them
  • Personal liabilities
  • Reporting
  • Crisis management recommendations
  • Best practices for policies and procedures
  • And more!



Navigating Cyber Security Compliance and Regulations: Essential 8 vs. Privacy Act

The ASD Cyber Threat Report 2022-2023 released mid-November 2023 highlights alarming results. It reveals that:

  • The number of cybercrime reports has increased by 23%
  • The average cybercrime cost per report is up 14%

Cybercriminals were described as adversaries who show “persistence and tenacity” and “constantly test vulnerabilities in Australia’s cyber ecosystem and employ a range of techniques to evade Australia’s cyber defences.”

As an authorised Australian Government framework, the Essential Eight were, of course, among the measures the report suggested implementing. We’ll start off by reviewing the Essential Eight and then delve into a framework that is less talked about but is actually mandatory for most Australian organisations – the Privacy Act.


The Essential 8 is a Good Foundation (But Not the Finish Line)

The Essential Eight is a set of controls prescribed by the Australian Cyber Security Centre (ACSC) to protect organisations from cyber threats and attempts to compromise the personal information of their customers and stakeholders.

The eight strategies are:

  • Application control – restricting the use of unapproved software
  • Patching applications – updating software to fix vulnerabilities
  • Configuring Microsoft Office macro settings – disabling/limiting macros from running malicious code
  • User application hardening – disabling exploitable features (e.g., web browser plug-ins)
  • Restricting administrative privileges – limiting the number of users who can perform high-risk actions
  • Patching operating systems – updating the system software to fix security vulnerabilities
  • Multi-factor authentication – requiring an additional security layer to verify a user’s identity
  • Daily backups – creating copies of important data and storing them securely

The ACSC has developed a security model from 0 to 3 for each of these strategies. An organisation with a maturity level 0 has not achieved any of the requirements. A level 3 means the organisation has achieved a high level of maturity. A common misconception is that organisations must achieve level 3 to be compliant. On the contrary, organisations can adopt the maturity level they need, depending on their vulnerabilities to cyber threats.

The Essential Eight cyber security risk mitigation strategies are a baseline, and implementing them is the minimum expected from organisations. They are foundational and highly recommended, but your cyber security efforts should not stop there.


The Privacy Act: Mandatory for Data Protection

In its latest report, the Australian Signals Directorate (ASD) urges businesses to ensure resistance to cyber threats and go beyond the Essential Eight.

Say hello to the Privacy Act 1988.

Whilst the Essential Eight is one of the most well-known frameworks in Australia, its strategies are actually not mandatory. By contrast, the Privacy Act is mentioned less often, but most Australian organisations handling personal information must comply with it.

The organisations covered by the Privacy Act have an annual turnover greater than $3 million* OR are:

  • An Australian Government agency;
  • Private sector health service providers including private hospitals, therapists, gyms and child care centres;
  • Not-for-profit organisations;
  • Businesses that sell or purchase personal information;
  • A credit reporting body;
  • A contracted service provider for an Australian Government contract;
  • A business that holds accreditation under the Consumer Data Right System; and
  • A business that is related to a business that is covered by the Privacy Act.

*Note: Following the Privacy Act review in September 2023, one of the ‘Agreed in Principle’ proposals was the abolishment of the small business ($3m) exemption.


The Privacy Principles

The Privacy Act includes 13 Australian Privacy Principles (APPs) that organisations must comply with, so you should be careful of the financial risks if you were to be assessed by the government. Meanwhile, whilst the Essential Eight are not mandatory, being non-compliant with some of those steps could lead to legal actions under the Privacy Act.

In short, the Essential Eight and the Privacy Act are both vital to IT security and data protection – but let’s look at the Privacy Act in more detail. The law regulates how personal information is handled by organisations and agencies. Below is an overview of the APPs which set the standards, rights, and obligations for collecting, using, disclosing, storing, securing, and accessing personal information.

  • APP 1 – Open & Transparent Management of Personal Information: APP entities must have a privacy policy and handle personal information lawfully and fairly.
  • APP 2 – Anonymity & Pseudonymity: Individuals must have the option to not identify themselves or use a pseudonym when dealing with APP entities, unless impracticable or unlawful.
  • APP 3 – Collection of Solicited Personal Information: APP entities must only collect personal information that is reasonably necessary or directly related to their functions or activities and do so by lawful and fair means.
  • APP 4 – Dealing With Unsolicited Personal Information: APP entities must determine whether they could have collected the personal information under APP 3 and, if not, destroy or de-identify it as soon as practicable.
  • APP 5 – Notification of the Collection of Personal Information: An APP entity that collects personal information must tell an individual about certain matters under certain circumstances.
  • APP 6 – Use or Disclosure of Personal Information: APP entities must only use or disclose personal information for the purpose for which it was collected unless the individual consents or an exception applies.
  • APP 7 – Direct Marketing: An organisation may only use or disclose personal information for direct marketing purposes if certain conditions are met.
  • APP 8 – Cross-Border Disclosure of Personal Information: Outlines what an APP entity must do to protect personal information before it is disclosed overseas.
  • APP 9 – Adoption, Use or Disclosure of Government Related Identifiers: APP entities must not adopt, use or disclose a government-related identifier of an individual, unless the identifier is prescribed by law, or an exception applies.
  • APP 10 – Quality of Personal Information: An APP entity must take reasonable steps to ensure that the personal information they collect, use, or disclose is accurate, up-to-date, complete, and relevant.
  • APP 11 – Security of Personal Information: APP entities must take reasonable steps to protect personal information from misuse, interference, loss, unauthorised access, modification or disclosure, and to destroy or de-identify personal information when it is no longer needed.
  • APP 12 – Access to Personal Information: An APP entity must give individuals access to their personal information on request, unless an exception applies, such as when giving access would pose a serious threat to someone’s life or health.
  • APP 13 – Correction of Personal Information: Outlines the reasonable steps an APP entity must follow to correct personal information that is inaccurate, out-of-date, incomplete, irrelevant or misleading, either on their own initiative or at the request of the individual.

Over the last few years, we’ve seen an influx of cybercrime, which prompted a lengthy review of the Privacy Act. In September 2023, a report was released with over 100 new principles, and while some were agreed in full, many were only “agreed in principle”. One in particular was the proposal to remove the exemption for small businesses.




The Essential 8 and The Privacy Act: Parallel Paths to Protection

The frameworks of the Essential Eight and The Privacy Act both aim to enhance the cyber resilience and privacy protection of Australian entities. Here’s how they compare:

What is it?

  • The Essential 8: A recommended set of eight strategies to mitigate cyber security threats and incidents.
  • The Privacy Act: A comprehensive law that regulates the handling of personal information.

What’s the purpose?

  • The Essential 8: To help organisations prevent or minimise the damage caused by cyberattacks.
  • The Privacy Act: To help organisations comply with their legal obligations and ethical responsibilities when handling personal information.

How do organisations benefit from it?

  • The Essential 8: Reduction of cyber-attack risk and protection of sensitive data.
  • The Privacy Act: Prevention of data breaches and improvement in customer trust.

What are the consequences of non-compliance?

  • The Essential 8: No penalties but can increase the risk of threats and compromise sensitive data.
  • The Privacy Act: Companies:

    1. AU$50 million, or;
    2. Three times the value of benefits obtained or attributable to the breach (if quantifiable) or;
    3. 30% of the corporation’s ‘adjusted turnover’ during the ‘breach turnover period’ (if the court cannot determine the value of the benefit obtained)

    Was $440,000 but was increased to $2.5 million on December 13th 2022.

What’s involved?

  • The Essential 8: Assessing an organisation’s current level of compliance, based on a four-tier maturity model, then implementing the strategies and moving toward optimal protection at maturity level 3.
  • The Privacy Act: Understanding an organisation’s obligations under the APPs, then implementing privacy policies and practices, guided by resources and tools from the OAIC.

Who’s covered?

  • The Essential 8: Recommended for all organisations, but not mandatory for Australian businesses.
  • The Privacy Act: Mandatory for organisations with an annual turnover of more than $3 million*. Some small businesses are also covered if they store personally identifiable information and meet other criteria.

*This is expected to change following the Privacy Act Review.

Is it mandatory?

  • The Essential 8: Not mandatory for Australian businesses, but highly recommended.
  • The Privacy Act: Mandatory for Australian businesses that meet the criteria of APP entities.



What Your Cyber Security Strategy Should Look Like

In the end, your organisation should aim for the level of cyber protection that is best suited and ensure full compliance with laws and regulations. You can approach it with a combination of the 8 mitigation strategies and the 13 principles.

The ADITS CyberShield solution takes cyber protection to a whole new level where security is at the core of everything we do. Our offering includes managed services and compliance & governance measures as well as security measures and monitoring to ensure your business is industry compliant.


Your Cyber Security Journey

Compliance does not automatically translate to strong cyber security. Likewise, cyber security is not “set and forget”. It is a continuing process that needs your attention and effort if you want to ensure that your systems and data are always protected.

Understanding the Essential Eight and the Privacy Act is important. Since cyber security is complex and ever-evolving, it’s also vital to keep up-to-date with cyber security solutions, trends, and best practices. Though cyber security may seem mostly technical, it is in fact a business matter.

Executives and board members are personally liable in the event of a breach so instilling a cyber security culture throughout the organisation should be a priority.

With this in mind, ADITS is launching a half-day certified C-Suite training workshop where we’ll go through:

  • Data security and privacy compliance
  • Potential risks to your business and how to address them
  • Personal liabilities
  • Reporting
  • Crisis management recommendations
  • Best practices for policies and procedures


ADITS are Elevating Standards with Triple ISO Certification

ADITS are excited to announce a significant milestone in our pursuit of excellence – achieving three ISO certifications: ISO 9001 for Quality Management, ISO 14001 for Environmental Management, and the 2022 version of ISO 27001 for Information Security Management.

This achievement not only marks a compliance milestone but also represents our dedication to leading the way in quality, environmental sustainability, and information security.


ISO 9001: Ensuring Quality Excellence

Our commitment to quality is relentless. The ISO 9001 certification highlights our dedication to maintaining rigorous processes that continually drive positive change, enhance customer satisfaction, and position us as a trusted technology partner.


ISO 14001: Championing Environmental Sustainability

From responsible resource management to waste reduction, we are actively contributing to a greener and cleaner planet, which is recognised by the ISO 14001 certification.


ISO 27001: Safeguarding Information Security

At ADITS, we firmly believe in practising what we preach, especially when it comes to cyber security. And successfully transitioning to the 2022 version of ISO 27001 reinforces that commitment to having robust information security practices.

“Our triple ISO certification signifies more than just compliance—it reflects our dedication to excellence, transparency, and accountability,”

Adam Cliffe, Managing Director – SEQ.

“These certifications are not just milestones; they’re part of our ongoing mission to strengthen and protect the business community. They set new industry benchmarks and demonstrate our passion for delivering exceptional service,”

Ashley Darwen, Managing Director.

Thank You to All Involved

A special thank you goes to ISO365 for their invaluable support throughout our certification process. Their expertise and guidance have been instrumental in helping us achieve these certifications.

A huge thank you also goes to our team, clients, partners, and stakeholders for their unwavering trust and continued support.

We are excited about the future and are committed to continuously raising the bar, so stay tuned for more!

7 Ways to Work Smarter (Not Harder) with Microsoft Copilot

Can you imagine making 100 copies of a 100-page document entirely by hand, with just pen and paper?

That’s what we would be doing if not for digital duplicators, photocopiers, and scan-to-print devices. Those machines have made document reproduction much faster and easier, as inventions and tools do.

One recently popular tool is AI. We have seen the likes of ChatGPT and DALL-E, and more yet are coming. In business, Microsoft Copilot is emerging as a highly useful digital assistant. How exactly can Copilot help you work smarter? Look at these specific ways.

1. Proposal Generation in a Legal Services Firm

Let’s say you are a lawyer in an estate law firm, and you need to prepare a consulting proposal for a client. You can use Microsoft 365 Copilot in Word to draft the proposal. Just provide information such as the client’s name, the purpose of the proposal, the services you are offering, its benefits, and a call to action.

After Copilot generates the document, you can review and make changes. You may also ask Copilot to check your grammar, spelling, and punctuation and offer suggestions to improve your writing.

You could even have Copilot help you to format the document according to the best practices in your industry. Use it to suggest and apply styles, headings, bullet points, tables, charts, and images to your proposal.

Before submission, use Copilot to share your proposal with your colleagues and get feedback and suggestions. It can help you to track changes, comments, and revisions and keep your document up to date.

2. Data Analysis & Visualisation for Nonprofit Resource Allocation

If your non-profit needs to decide about resource allocation in, say, promoting disability rights, you can use Copilot to gather and process the data on which to base that decision.

Also use Copilot to help you:

  • Collect data from a variety of sources that you specify
  • Check the data for errors and inconsistencies
  • Use a tool like Excel to analyse your data and identify patterns
  • Generate charts/data visualisations for clearer presentation
  • Create a report and a presentation to communicate the results

3. Patient Report Writing for a Healthcare Provider

Periodic patient reports are a regular task for healthcare professionals. A medical specialist can use Microsoft Copilot to automate report generation, summarising a patient’s medical history, current medications, treatment plans, and patient progress updates.

The report writer can ask Copilot for help in:

  • Collecting data from electronic health records (EHRs), billing systems, and databases
  • Instructing Copilot how to create the report, using a JavaScript or Python script
  • Actual report generation
  • Filing the reports and sharing with relevant personnel

4. Chatbots for a Financial Services Business

If your organisation offers financial services, chances are you will often receive queries and customer support requests. You can use Copilot for:

  • Training chatbots to answer common customer questions and questions about your offerings
  • Providing real-time support to your customer support staff, including finding relevant and accurate information, drafting standard responses, and resolving issues speedily
  • Generating reports and analytics about customer interactions, to identify and address areas for improvement in customer support

5. Legal Document Templates Generation

Lawyers, legal secretaries, and paralegals can get smart with Microsoft Copilot when creating templates for non-disclosure agreements, wills, trusts, and other documents. Just identify the templates that you need, then provide Copilot with relevant data such as your business name, address, and contact information.

You may use a Copilot script to specify how to generate the legal document templates. You could then run the script, review the templates, proofread and improve them. Copilot can also assist in formatting your document templates and, if needed, convert documents from Word into PDF or HTML which could be easier to share and use.

6. Marketing Campaign Automation for Non-Profit Fundraising Program

If you work in a non-profit organisation aiming for increased donor engagement, improved efficiency, and better fundraising campaign insights, Copilot can assist you in several ways:

Generating Personalised Email Campaigns

Marketing staff can tap Copilot to generate personalised email campaigns for donors and potential donors. This can help increase open rates and click-through rates.

Creating Social Media Posts

Copilot can be used to create social media posts tailored to the interests of target supporters. This can increase engagement on social media and even drive more traffic to your website.

Segmenting Donor Lists

Fundraising staff can use Copilot to segment donor lists based on factors like donation history, interests, and demographics. This can help you to target donor audiences more effectively.

Tracking Campaign Results

Copilot can help executive staff track the results of campaigns, including email open rates, click-through rates, and social media engagement. These can help you improve on future campaigns.

7. Financial Modelling & Analysis (FMA) in Education & Training

If a private training institution is proposing a new set of courses, they can do an FMA to make decisions – about launching the courses, for resource allocation, and to find out the financial impact on the organisation. In particular:

  • Copilot can be used to analyse data (e.g., government reports, industry surveys, and social media) to identify the potential market for new courses. For example, Copilot can help identify fast-growing industries and develop new courses that will train students for jobs in those industries.
  • Copilot can help to estimate the costs of new courses, including course materials development, hiring instructors, and marketing the courses. Copilot can also be used to estimate the potential revenues and recommend the tuition fee rates.
  • Copilot can be used to evaluate the financial impact of new courses on the overall business. For instance, Copilot can help estimate the increase in revenue, the increase in course costs, and the impact on the overall profit margin.
  • Copilot can help in creating reports and presentations that communicate the financial benefits of new courses to stakeholders. For one, Copilot could be used to show how new courses can increase revenue and achieve strategic goals.

Microsoft 365 Copilot: Your Smart AI Assistant

Can you imagine how efficient and productive your organisation can become with Microsoft Copilot compared to without it?

The tool will be available from the 1st November 2023 to Microsoft 365 customers on a Business Enterprise agreement for an extra $30 USD per user per month. For related information, you may reach out to ADITS right now. For other practical technology guides, you may check out our free business IT resources.

10 Key Opportunities & Implications of AI for Your Business

Australian businesses are starting to reap the benefits of artificial intelligence (AI).

But what do those mean to you?

Implications of AI for Business

Forbes Advisor found that the majority of business owners believe AI will positively impact the following:

  1. Customer relationships
  2. Productivity
  3. Sales
  4. Cost savings
  5. Response times

“We’ve never seen a technology move as fast as AI has to impact society and technology. This is by far the fastest moving technology that we’ve ever tracked in terms of its impact and we’re just getting started,” echoed Paul Daugherty, Chief Technology & Innovation Officer at Accenture. With such acceleration, 75% of executives are apprehensive that they might go out of business within five years unless they scale AI in their business.

AI Opportunities for Your Business

We have seen a lot of generative AI apps like ChatGPT, but there is so much more to AI. Consider these other opportunities that could benefit your business.

1. Responsive Customer Interactions

Sales and marketing leaders feel that AI has been the biggest game-changer when it comes to improving customer experience. With automated chatbots, customers can now have a 24/7 responsive channel, plus it frees up your human resources for more complex tasks. In fact, 85% of customer service interactions are now responded to by chatbots.

2. Unbiased & Objective Decisions

AI can help analyse large amounts of data to provide insights, helping businesses make informed, data-driven decisions. Data centre services provider AirTrunk is looking to use AI in finding suitable locations for data centres.

3. Savvy Business Foresight

Predictive analytics helps businesses to see future trends and behaviours. This enables them to be proactive and stay ahead of the competition. For example, snack producer Frito-Lay has been turning to AI-powered analytics to leverage their data for predicting store openings and shifts in demand.

4. Personalised Experience

According to Semrush, 71% of marketers believe that AI is useful for personalisation. AI can in fact personalise customer experiences by analysing individual behaviours and patterns. One key benefit of this is increased customer satisfaction and loyalty. Bill Gates said, “A decade from now, we won’t think of those businesses as separate, because the AI will know you so well that when you’re buying gifts or planning trips, it won’t care if Amazon has the best price, if someone else has a better price — you won’t even need to think about it.”

5. Operations Efficiency Boost

AI is useful for automating routine tasks, improving efficiency and productivity. More than half of businesses now apply AI to improve their production processes or process automation. Others use AI for:

  • Search engine optimisation tasks
  • Data aggregation
  • Generating ideas, plans, presentations, reports, and website copy
  • Streamlining internal communications
  • Writing code

6. Real-Time Assistance

Provide 24/7 help to customers and to staff with AI tools, improving communication and efficiency on both sides. Cynthia Scott of Zip Co also cites the possible use of real-time generated scripts for call centre workers. AI apps can also assist your team in real-time. Microsoft Copilot is integrated into Microsoft 365 so staff can use it while working in Word, PowerPoint, Excel, OneNote, and Outlook. It can provide post-meeting recaps, help with drafting documents and presentations, and project status updates, among others.

7. Smart Security Safeguards

Fraud detection and cyber security services now use AI for:

  • Finding patterns in data
  • Spotting new cyber threats
  • Battling bots
  • Predicting data breach risks
  • Improving endpoint safety

8. Supply Chain Upgrades

AI also figures in supply chain optimisation, by predicting demand and optimising delivery routes. The use of AI has led to a 44% decrease in costs for the supply chain management industry in 2019. Thoughtworks CTO Dr. Rebecca Parsons shared with Harvard Business Review how “supply chain planning addressing disruptions in the supply chain can benefit [from AI] in two ways” – by directly handling the easy problems and by providing support in more complex cases.

9. Spot-on Talent Acquisition

The recruitment process is significantly improved with help from AI:

  • Tap a larger talent pool and crawl millions of profiles when sourcing for candidates.
  • Screen resumes and objectively score applicants without bias.
  • Post highly targeted job ads to yield better results.
  • AI can also help predict candidates’ job-fit.
  • Automate other recruitment tasks, such as preparing offer letter templates, background checks, and onboarding paperwork.

10. Customer-Centric Products

AI helps in developing new products by analysing market trends, customer feedback, and competitive analysis. The Lottery Corporation CEO Sue van der Merwe noted: “AI is actually not necessarily about offering more products. It’s about offering the right products.” Other areas where AI can help are:

  • Generating ideas for new products or product improvements
  • Automating or enhancing production processes
  • Optimising the product development cycle

Emerging Business AI Assistants: Bing Chat Enterprise & Copilot

In addition to the above opportunities, Microsoft has introduced some AI innovations like Bing Chat Enterprise and Microsoft Copilot. How can they help you?

Bing Chat Enterprise

Bing Chat Enterprise* is designed to make it easier for you to communicate, collaborate, and create.

  • User and business data are safely protected.
  • Advanced search capability that gives verifiable answers with citations.
  • Chat replies can include graphs, charts, and images.
  • Ability to generate content and create images.
  • Easy access (appears on your browser sidebar at a button click).

Microsoft Copilot for Business

Copilot* is an AI assistant that can work with your business data to increase your productivity and efficiency.

  • Generate presentations based on existing information.
  • Create projection charts based on past data.
  • Provide project updates from your cloud data, emails, calendars, chats, etc.
  • Follow along with your meetings to produce summaries and action items.
  • Compose email replies that sound just like you.
  • And more!


(*Bing Chat comes with M365 E3, E5 and Business Premium, or as a standalone at $5 USD per user per month. Copilot will be available on 1st November 2023 to all M365 customers on a Business Enterprise agreement, at $30 USD per user per month.)

While it’s tempting to try the myriad of AI apps flooding the market, here are some of the key reasons why you should use Bing Chat Enterprise and Copilot:

  • Bing offers a broad range of data for companies that want comprehensive search results combined with customisation options.
  • As they’re part of the Microsoft ecosystem, they are a trusted source and allow for seamless integration with their other apps.
  • Microsoft has a track record and commitment to enterprise-grade security.
  • Your business data isn’t leaving your technology ecosystem, minimising your risk of data breaches.

Use AI Strategically

Like it or not, AI is revolutionising the way businesses operate. If you want to keep your edge or gain the lead, you must adopt AI wisely. Plan well for AI adoption in your organisation so you can strategically use the right AI tools for your needs. If you want to explore beyond AI and discover IT solutions that can help your business, book a free consultation with ADITS’ specialists. We can help you find the right technology to achieve your goals.

7 Proven Ways You Can Master Email Security

Around 3.4 billion phishing emails are sent daily.

It boggles the mind. But such a high number could suggest that people continue to fall for phishing. Phishing emails are becoming more sophisticated, too. Plus, phishing has become a lucrative industry for cyber-criminals.

Can you ever fight cyber-crime? How do you avoid the threats that come via email?

Know Your Enemy: The Biggest Email Threat to Your Business

It pays to know the most common threats that target our email inboxes. Let’s see what we’re up against:


Phishing

The most common cyber threat, phishing involves a devious email that looks legitimate. It aims to trick the recipient into providing sensitive information. When attackers get your information, they can infiltrate your system and access your data.

Spear Phishing

A highly targeted phishing type, spear phishing gets information from social media or other sources to create personalised emails. Business email compromise (BEC) is a form of spear phishing and a top culprit in getting employees to reveal confidential business information.


Ransomware

When an email recipient unknowingly clicks on a malicious link, the click installs malware on their computer. The malware then encrypts your files, and the criminals demand a ransom payment in exchange for decrypting them. In some cases, your data could end up on the dark web, for sale to the highest bidder.

Email Hijacking

Email hijacking happens when someone gains unauthorised access to your account. The hacker then uses your account to send spam emails, steal sensitive information, or access online banking or other services.



Your Defence: Email Security Measures to Protect Your Business

Email security is crucial to preventing cyber-attacks on your organisation. Here are the most effective ways to stop those threats:

1. Implement Strong Password Policies

Ask all your staff to use strong passwords: at least 12 characters long (longer is better), with a combination of uppercase and lowercase letters, numbers, and special characters.

Below are other password security practices you can implement:

  • Never write down your password, save it in a file, or take a photo of it.
  • Never share your password with anybody.
  • Change your passwords regularly.
  • Use a reliable password manager app.
  • Use a passphrase with three unrelated words.
  • Use a different password for each of your accounts.

2. Use Multi-Factor Authentication (MFA)

MFA adds extra layers of security to your email. Aside from your password, MFA may require:

  • A PIN sent to your phone or email
  • A code on your authenticator app
  • A fingerprint
  • Facial recognition

You can enable MFA in your account settings in Outlook or whatever email app you’re using. Ask all your staff to do this.

3. Activate Email Security Features

Use your email’s security features and settings for anti-spam, anti-phishing, and anti-malware. Some may also have the capability to protect sensitive information, or detect and deflect unsafe links or attachments in real-time.

Ask your IT staff or provider for guidance about other protection features such as firewalls, attack surface reduction, automated detection and response, and managing mobile devices and apps.

Cyber security solutions like ADITS’ CyberShield can help you against sneaky email threats. It can help in implementing advanced policies on email threat protection, including advanced attachment scanning and link checking.

4. Don’t Click Links, Don’t Open Attachments You Didn’t Ask For

It’s always safer to not click a link, so:

  • Never click links or attachments that are suspicious.
  • Never click links or attachments in emails from unknown senders.
  • Never click links or attachments even from known senders UNLESS you have verified that it’s really from them. (Call them if you need to.)
  • Never click links or attachments in emails you are not expecting.

Ask yourself: What’s the worst that could happen if you don’t click a link?

Note that emails carrying malicious links or attachments usually include subjects or messages that stress urgency, stir a fear of missing out (FOMO), or try to gain your trust. Beware:

  • Watch out for subtly altered email addresses or company names (with A replaced by 4, I replaced by 1, and similar character swaps).
  • Take caution with zip files. They can contain malware.
  • Attachments with .exe, .vbs, .scr, .cmd, and .js filename extensions are prime suspects, but it doesn’t mean other file types are safe.
  • Use an attachment scanner.
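
Two of the checks above (character-swapped sender domains and suspect attachment extensions) can be automated when triaging a reported email. The following is an added example, not ADITS code or part of the original article; the trusted-domain list, the decoy-extension list, and the sample message are assumptions constructed for illustration.

```python
"""Added example: triage one email for look-alike senders and risky attachments."""
from email.message import EmailMessage
from email.utils import parseaddr
from pathlib import PurePosixPath

# Assumption: domains your organisation actually deals with (placeholders).
TRUSTED_DOMAINS = {"example.com.au", "examplebank.com"}

# Character swaps of the kind listed above; l, 1 and i all collapse to "i".
SWAPS = str.maketrans({"4": "a", "1": "i", "l": "i", "0": "o", "3": "e", "5": "s"})

RISKY_EXTENSIONS = {".exe", ".vbs", ".scr", ".cmd", ".js"}  # from the list above
ARCHIVE_EXTENSIONS = {".zip"}
# Assumption: harmless-looking extensions often placed before the real one.
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}


def skeleton(domain):
    """Reduce a domain to a form where swapped characters compare equal."""
    return domain.lower().translate(SWAPS)


def lookalike_of(domain, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain this one imitates, or None."""
    domain = domain.lower().rstrip(".")
    if domain in trusted:
        return None  # exact match is the real thing
    for good in sorted(trusted):
        if skeleton(domain) == skeleton(good):
            return good
    return None


def attachment_findings(filename):
    """Return tags describing why an attachment name deserves a second look."""
    # Windows ignores trailing dots and spaces, so "setup.exe. " still runs.
    cleaned = filename.rstrip(". ")
    suffixes = [s.lower() for s in PurePosixPath(cleaned).suffixes]
    findings = []
    if not suffixes:
        return findings
    if suffixes[-1] in RISKY_EXTENSIONS:
        findings.append("risky-extension")
        # "invoice.pdf.js" shows as a PDF when extensions are hidden.
        if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTENSIONS:
            findings.append("double-extension")
    elif suffixes[-1] in ARCHIVE_EXTENSIONS:
        findings.append("archive")  # contents need scanning before opening
    return findings


def triage(msg):
    """Collect findings for the sender and every attachment of one message."""
    findings = []
    _, address = parseaddr(str(msg.get("From", "")))
    domain = address.rpartition("@")[2].lower()
    imitated = lookalike_of(domain)
    if imitated:
        findings.append(f"sender domain {domain} imitates {imitated}")
    elif domain not in TRUSTED_DOMAINS:
        findings.append(f"sender domain {domain} is not on the trusted list")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        findings += [f"{name}: {tag}" for tag in attachment_findings(name)]
    return findings


def build_sample():
    """Constructed sample message; no real sender or payload."""
    msg = EmailMessage()
    msg["From"] = "Accounts <accounts@examp1ebank.com>"
    msg["To"] = "staff@example.com.au"
    msg["Subject"] = "URGENT: overdue invoice"
    msg.set_content("Please open the attached invoice today.")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="invoice.pdf.js")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="zip", filename="statement.zip")
    return msg


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

A clean result from a check like this does not make a message safe; it only catches the specific patterns listed above.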

5. Keep Your Email Software Updated

Any app or software can have vulnerabilities, and the best solution to that is keeping your software updated. Updates usually have new patches or features that improve your software’s performance, security, and compatibility.

Choose to enable automatic updates in your email software settings or manually check for updates regularly. Either way, install updates as soon as they are available.

6. Build a Cyber-Aware Culture

Don’t think about email security only when you’re using email. Develop a cyber-aware culture in your organisation, where each person becomes responsible for repelling cyber threats.

Demonstrate your personal commitment to email security.

  • Lead by example. Do as you say.
  • Talk about email security regularly.
  • Make it a part of the performance review process.
  • Allocate a budget to cyber security initiatives.
  • Offer incentives for contributing to your cyber security campaign.

7. Stay Informed & Educate Your Employees

Achieving a cyber-aware culture involves training and education. Keep yourself up-to-date with cyber security news.

Follow email security experts and industry groups on social media. Subscribe to email security newsletters. Attend cyber security conferences and events. You could even take online email security courses.

Of course, don’t keep it all to yourself. Share what you learn with everyone. Develop a cyber security training program that your staff can enjoy. Do regular trainings. Simulate situations so they know exactly what to do. Be generous with information via email, posters, flyers, etc.

Be Vigilant: Do These Today

Implementing email security measures doesn’t have to be expensive. Learning how to fend off threats is one step; the next step is to implement these email security tactics right away.

For more information about email security and cyber security solutions as a whole, our specialists can give you a free consultation today. ADITS is your ally against all cyber threats and we’re just one call away at 1300 361 984 (Opt 3).

Stay vigilant.

Retail vs Business-Grade Devices: Get the Best Value for Your Business

“If the only tool you have is a hammer, it’s hard to eat spaghetti,” wrote David Allen in his book, Getting Things Done.

Whether you find that funny or not, it’s true: You’ve got to use the right tool for any job. You cannot expect to get the results you want from someone who is not well-equipped for it.

Now, a business computer is a very common tool in the workplace. But computers are not all the same. You use desktops, laptops, tablets, and smartphones for different things.

Among computing hardware, there are retail IT devices and business-grade devices – and those are not the same. So, what’s the difference?

The Difference Between Retail & Business-Grade Devices

Desktop computers, laptops, routers, printers, and scanners are used in many organisations. Some may have their own servers, switches or hubs, and multi-function devices. A few may be using wearables for work, and some types of IoT hardware.

Let’s compare the retail and business versions of business IT hardware.

| | Retail/Consumer Devices | Business-Grade Devices |
|---|---|---|
| Purpose | For general/personal use | For work/business use/multi-tasking |
| Aesthetics/Style | More stylish, can be flashy, can come in more colours | Professional looking, sleek, often in neutral colours |
| Operating System | Windows Home | Windows Professional |
| Battery Life | Standard | Longer lasting batteries |
| Power & Speed | Standard | More powerful, faster; laptops have faster processors, more RAM for efficiency and handling complexity |
| Durability | Built for standard use | Built for heavy use and longer periods, often uses more robust materials |
| Parts | Standard | Often of higher quality, more reliable |
| Configuration | Harder to configure | More customisable and easier to configure |
| Expandability | Limited | More expandability options (e.g., for storage or connectivity) |
| Compatibility with other devices, systems, & software | Standard | More compatible with a wider range of devices |
| Security | Standard | Often with enhanced security features (fingerprint readers, advanced encryption, etc.) |
| Warranty, Service, Support | Standard | Longer warranty, better customer service, more reliable and more comprehensive support |
| Price | More affordable | Pricier |


When it is Best to Use Business-Grade IT Hardware

When choosing between retail and business-grade devices, consider the specific needs of your business. We know that devices built for business use are often more fit for purpose as outlined in the above comparison table.

If you’re on a budget, or if your device will be used only for basic tasks, then you may be able to get by with a consumer device. However, if you have more leeway with your budget, opt for the devices that are better suited. Remember that you can get your money’s worth with business-grade hardware in the long run.

Value-Driven IT Procurement for Businesses

When buying computers or digital devices, involve your IT team or Managed IT Service Provider (MSP) throughout the entire process.

First, work with them to assess your needs. Consult with the people who will be using the devices. What will be their primary use? What kind of work will be done on them?

Second, identify the kind of hardware that will fulfill your needs. What should be the minimum specifications? Which features are essential? Which are nice to have but not must-haves? What add-ons will be required?

Third, ask your IT team or IT Provider for product recommendations. Explore the given options: pricing, warranties, after-sales service and maintenance, vendor processes, and related matters.

You can make the decision to purchase once all your questions are answered. Otherwise, provide more information that can help find a more suitable product.

Get the Right Tool for the Right Job Through Your IT Provider

Having the right tool for a job can be a game-changer. You therefore need to select IT devices with the best value. Your IT provider can be extremely helpful in navigating the relevant options, and can obtain the best pricing possible by leveraging their relationship with the device manufacturers and distributors.

With their technical background, they can identify and explain what’s best for your needs. Their experience and proven procurement process can also make purchasing much easier. What’s more, an IT partner can assist you with installation, deployment, and maintenance.

Finally, an IT Service Provider can help you get all your IT hardware, software, system, and network up to speed. If you want to evaluate your entire IT infrastructure, ADITS can help you identify areas for improvement. Contact our friendly team for enquiries today.

Cyber Security Training: Making It Fun & Effective for Your Team

What happened when you bought the newest, coolest gadget for someone who didn’t know how to use it?

a) It stopped working quite soon.

b) It was used for a while and then forgotten.

c) The person really enjoyed it because they learned to use it properly.

It’s hard to enjoy the benefits of something when we don’t understand how it works. The same is true for cyber security in your business: You can spend on it, get the best solutions and tools, hire the most expensive consultants, but it may all be for nought if your staff are not highly cyber aware.

Cyber security training is key

Our lives are now highly digitalised. IT has become essential to business. Cyber security has become extremely vital to keeping our information and systems safe. At the core of your cyber security strategies should be one key component: Training.

Why? Because human error is still the leading cause of cyber incidents. Training your employees can transform them from passive onlookers (or even weak links) into active cyber security assets.

Make your cyber awareness training more effective

Training is a must for any effective cyber security strategy, but don’t do it just to tick a box. Train your people so they can actually stop cyber threats. How can you do it more effectively? Here are some ideas…

1. Do it more often.

One annual in-person course is good but doing training two or three times in a year can help your staff to retain the lessons better. Doing training more often can also highlight the importance you give to cyber protection.

2. Keep it short.

Humans have a short attention span. People also get distracted more easily. Don’t try to cram everything into one long session. Do shorter ones instead. Doing trainings more frequently also means you can make them shorter and more focused. Plus, support in-person training with short online lessons and resources, and by sharing articles or videos with your staff. Utilise microlearning to feed your staff with bite-sized information.

3. Notify in advance.

Most people would appreciate an advance notice, when their calendars are still more flexible. It can also give you an idea of the number of participants, especially with pre-registration.

4. Present choices.

When a cyber security course is mandatory, it will feel like a chore, so provide your target trainees with options. Have them choose a schedule or a format (in-person or online), whenever possible. People will feel better with choices rather than when “forced”.

5. Show the benefits.

People tend to get involved when they know “what’s in it for me?”. Encourage everyone to join by presenting the benefits to their work and to the company. This can also heighten engagement for your entire cyber security campaign.

6. Make it personally relevant.

When presenting the benefits of cyber security education, mention how it can personally benefit the participants. It can increase their value as an employee, add to their skills (and to their CVs), give them better protection in their personal online activities. Stress their individual role in preventing cyber-attacks and in Australia’s cyber security leadership.

7. Make it real – avoid theories and reduce jargon.

Theories bore people. Show your trainees practical applications in their work. Aim at nurturing their cyber security skills, not brains full of technical terms. Most people will not care about IT jargon, so present concepts in relatable ways. Use real-life illustrations and metaphors.

8. Hear them out.

Many people like voicing out their opinions or asking questions. Give them an opportunity to speak out in your training events. Include a feedback mechanism that you can also use for improving your cyber awareness program.

9. Do regular audits.

Audits can include checking workstations for non-compliant software or asking staff about the company’s password policies. Just make sure you do it not to penalise but to teach cyber security in actual work situations. Audits can also reveal possible training gaps and training effectiveness.

10. Reinforce it.

Use every opportunity to build cyber awareness. Post printouts about multi-factor authentication or social engineering or other topics on your bulletin board or even on toilet doors. Send out emails on Cyber Mondays (or another day). Include some trivia in your newsletter. Create a cyber-aware culture where cyber security is always on their minds.

Perk up your cyber security awareness training!

Trainings can get people yawning. Make it more fun using these ideas:

1. Make it a hands-on experience.

Corey Bleach of EdgePoint Learning wrote: “Experiential learning puts your employees at the center of what they need to know (instead of making information the star).” People learn better by doing. Turn cyber security concepts into experiential activities.

2. Gamify it.

Games are very engaging, fun, and effective in teaching cyber security. Gamification is both mentally and physically stimulating, releasing dopamine and endorphins that both generate positive feelings that can set the mood for learning.

3. Build on teamwork.

People generally like being part of a team. Working in collaboration with other employees creates a sense of strength as a community. Emphasise the value of teamwork in fighting cyber threats and the importance of each member of your team.

4. Incentivise it.

Games work because people like winning. Award badges or points that staff can earn by attending training events or by applying cyber security measures in their work. Be generous in giving incentives – they don’t have to be expensive but can make an impact.

5. Use themes.

It can be as simple as asking trainees to wear a certain colour at the training. You can also:

  • Infuse relevant themes in your presentations like heroes and villains or tech celebrities.
  • Use monthly themes like Password Protection Month or Phishing Awareness Month.
  • Use course titles like “Don’t Even Think About Clicking the Link” (about malware) or “Spot the Difference” (about fake websites).

6. Incorporate music and songs.

Music makes remembering easier. Ask a friend with a knack for music to help you replace the lyrics of a popular song with a cyber security reminder, then teach it to the trainees. You could also use a war movie’s battle scene soundtrack to remind employees about being in a cyber war.

7. Use quizzes.

You can use cyber security quizzes for both in-person and online training or send them out weekly to your employees. Don’t make them too hard or too complex. Find ways to make them fun and engaging. Give out tokens for completion and prizes for perfect scores.

Train better with a cyber security services provider

Ready for web safety training? Who can help you better than cyber security experts? ADITS has been helping businesses prepare their employees to become cyber warriors. Just book a free consultation to find out more or contact us for enquiries.

Don’t wait for a data breach to come knocking at your door. It could just knock your business down without warning. Do your cyber awareness trainings now.

Microsoft AU Price Increase: What You Need to Know

In October 2022, Microsoft announced that there will be global price changes for its products and services to match US dollar prices. This means that customers in different countries will be paying the same price for Microsoft products, regardless of their local currency and geographical location.

The price adjustment takes effect in Australia on 1st September 2023.

Who will be affected by the price increase?

Customers purchasing with the Australian dollar will encounter a 9% hike for all software, such as Microsoft 365 licences, including Business Premium and Enterprise licencing. Government, education, and non-profit customers will also be affected.

Affected currencies are included below:

| Currency | Cloud Change % | On-Premises Change % |
|---|---|---|
| Australian Dollar | +9% | +9% |
| New Zealand Dollar | +7% | None |
| Canadian Dollar | +6% | +6% |
| Swiss Franc | -9% | None |

As in the case of the adjustment for the Swiss Franc, prices can also decrease depending on foreign currency movements, local market scenarios, and inflation situations.

Which commercial licencing programs will be impacted?

Here is a list of all commercial licencing programs that will be impacted:

  • Enterprise Agreement (Commercial, Government, and Enrolment for Education Solutions)
  • Microsoft Customer Agreement for enterprise (MCA-E) – Applies to seat-based offers only
  • CSP with MCA: applies to seat-based offers only (Commercial, Government, and Education Solutions)
  • Legacy CSP Open Value (Commercial, Government, and Education Solutions)
  • Open Value Subscription (Commercial, Government, and Education Solutions)
  • Microsoft Products and Services Agreement (MPSA; Commercial, Government and Academic)
  • Microsoft Online Services Portal (MOSP)
  • MCA Online
  • Select Plus

If you’re an existing ADITS client and are unsure whether this impacts your business licencing, talk to your dedicated Account Manager.

What are the exemptions to the price increase?

The following will not be affected by the pricing adjustments:

  • Customers who purchase Azure through the Microsoft Customer Agreement (MCA) will not be affected. Azure is priced in US dollars worldwide and billed in local currency. The local currency calculations are done monthly, and the billing rates are published on Azure.com.
  • Business customers with “existing orders under commercial licensing agreements for products that are subject to price protection” or with locked enrolment prices. However, new product additions, new purchase contracts, upgrades, and renewals will be subject to price adjustments.
  • Hardware, consumer software, and consumer cloud services.

When does Microsoft make price adjustments?

After the price change on 1st September, price adjustments will happen semi-annually, every 1st February and 1st September.

Microsoft said it will strive to provide notice at least 30 days prior to the date when a price change takes effect. For the upcoming adjustments, Microsoft will make new local prices available starting on 1st August.

Please note, Microsoft price adjustments last happened on 1st January 2019 for cloud software.

Get Microsoft 365 or additions before prices change

For more information or if you have a concern about your specific subscription, reach out to our friendly team today or call us on 1300 361 984.