Australia's privacy landscape is undergoing its most significant transformation in decades. With the passage of the Privacy and Other Legislation Amendment Act 2024, the Australian Government has laid the groundwork for stronger data protection, more robust enforcement, and a new era of accountability. These reforms are designed to bring Australian privacy law into closer alignment with global standards, particularly the European Union's General Data Protection Regulation (GDPR).
At Aurabox, we welcome these changes. In fact, we're not just ready for them — we've already built our platform to meet and exceed these requirements. Our proactive approach to privacy and security means our users and their patients can have complete confidence in how their data is handled.
What's Changing in 2025?
The 2024 amendments introduce several critical updates that commence in stages rather than all at once: some took effect on Royal Assent in December 2024, the statutory tort followed in June 2025, and the automated decision-making disclosure requirement has a two-year transition. Together they change how organisations collect, use, and protect personal information:
- Statutory tort of serious invasion of privacy: For the first time, Australians can sue individuals and organisations for a serious invasion of privacy (an intrusion upon seclusion or a misuse of personal information) where they had a reasonable expectation of privacy and the conduct was intentional or reckless. Financial loss does not have to be shown, and damages for emotional distress are available. This marks a significant shift in legal rights and increases the stakes for any organisation handling sensitive data.
- Expanded regulator powers: The Office of the Australian Information Commissioner (OAIC) has been granted enhanced investigative and enforcement powers. Alongside the existing court-ordered civil penalties for serious interferences with privacy, there are now mid-tier penalties for less serious interferences and infringement notices the OAIC can issue directly for administrative breaches, as well as broader powers to compel information and conduct public inquiries.
- Transparency for automated decisions: Organisations that use computer programs to make, or substantially assist in making, decisions that could reasonably be expected to significantly affect an individual will be required to say so in their privacy policies, including what kinds of personal information are used and what kinds of decisions are made. This requirement has a 24-month transition and applies from December 2026. It is intended to ensure greater transparency and fairness in data-driven services.
- Criminalisation of doxxing: New Criminal Code offences cover using a carriage service to publish or distribute personal data in a way a reasonable person would regard as menacing or harassing, with a higher maximum penalty where the target is chosen because of a protected attribute such as race, religion or sexual orientation. These offences took effect in December 2024 and reflect growing concern over online harassment and the misuse of personal data.
These reforms signal a clear intent to protect individual privacy rights in an increasingly digital world. And for organisations, they underline the importance of adopting robust privacy frameworks.
Global Compliance, Local Confidence
Aurabox is already compliant, or close to it, with three of the most widely used privacy and security frameworks. They measure different things, so it is worth being precise about what each one covers:
- GDPR: Our systems and policies are designed to comply with the EU's comprehensive privacy regulation. This includes strict adherence to data minimisation, purpose limitation, and the implementation of Technical and Organisational Measures (TOMs) under Article 32 to protect personal data. We have been fully UK and EU GDPR compliant since 2024.
- SOC 2: This is an independent attestation against the AICPA Trust Services Criteria (security, availability, processing integrity, confidentiality and privacy), not a law. An auditor examines whether our controls are designed and operating as described. We expect to reach an audited SOC 2 Type I report in 2025 and are already passing on over 95% of controls. A Type I report attests to control design at a point in time; a Type II report, which covers operating effectiveness over a period, is the usual next step.
- HIPAA: As a platform operating in the healthcare sector, we align with the U.S. Health Insurance Portability and Accountability Act's Security Rule safeguards for protected health information, which address confidentiality, integrity, and availability with strict controls on access and data handling. We expect to meet full HIPAA compliance by mid-2025 and are passing on almost all controls.
By meeting these high standards, Aurabox is not just meeting Australian expectations — we're setting a higher bar for what health data security should look like.
Do Australian TOMs Change the Game?
In short: not for us.
The amended Australian Privacy Principle 11 now states that the "reasonable steps" an organisation must take to protect personal information include technical and organisational measures. This closely mirrors the expectations already set out in Article 32 of the GDPR, which requires security "appropriate to the risk" (it names encryption, pseudonymisation, resilience, and regular testing of controls as examples). Since Aurabox has long been compliant with that standard, we are well ahead of the curve.
We already:
- Encrypt all data in transit and at rest. This protects data on the network and on disk; because the platform itself processes imaging data to deliver workflows, it is server-side encryption rather than end-to-end encryption, and the access controls and audit logging below are what govern who can read it.
- Restrict access to data using role-based access controls on a least-privilege basis, so only authorised users can access patient information and each role sees only what it needs.
- Maintain detailed audit logs of all platform access and data changes for full accountability, which is also what an OAIC investigation or a breach assessment relies on.
- Automate the de-identification of data where required, supporting both compliance and research use cases.
- Operate a comprehensive breach response plan, with clear roles, responsibilities, and notification timelines aligned to the Notifiable Data Breaches scheme (assess a suspected eligible breach within 30 days; notify the OAIC and affected individuals as soon as practicable).
- Provide ongoing training to all staff in privacy, data security, and compliance best practices.
Our platform was designed from the ground up to support secure, compliant medical imaging workflows. We serve healthcare professionals who demand the highest standards of trust and data integrity. Our infrastructure, policies, and culture reflect that responsibility.
You can find out more about our security and compliance posture in our Trust Centre.
What This Means for Healthcare Professionals
If you're already using Aurabox, you can rest easy knowing the platform side of your obligations is well ahead of the regulatory curve. These changes to Australian privacy law will have minimal impact on your day-to-day use of the platform because we've already done the heavy lifting on the technical and organisational measures it requires.
TOMs? Already implemented.
Consent and transparency? Baked into our platform design.
Data security? Locked down with industry-leading standards.
One caveat worth stating plainly: your practice remains its own APP entity. The privacy policy you publish, any automated decision-making you disclose, and your own handling of patient records outside the platform stay your responsibility, and the new tort applies to every organisation that holds personal information. What Aurabox removes is the need to build or re-engineer the security controls that sit underneath those obligations. We've engineered privacy into every facet of Aurabox, from data ingestion to patient sharing.
Our Promise: Proactive Privacy
At Aurabox, privacy isn’t a checkbox — it's a fundamental value. We view compliance not as a burden, but as a commitment to our users and their patients. As reforms continue to evolve through 2025 and beyond, we will remain proactive in adapting to the legal landscape.
We are continuously reviewing our policies, technologies, and training programs to ensure we stay ahead of the curve. Our users deserve nothing less than best-in-class security and privacy, and that’s exactly what we deliver.
The Bottom Line
Your trust, and your patients' privacy, are sacred. As Australia embarks on a new chapter in data protection, Aurabox stands ready — not just to comply, but to lead.
Want to learn more? Get in touch to see how Aurabox can support your clinical workflows, reduce your privacy risk, and help you stay on the right side of history — and the OAIC.