In a speech to the International Association of Privacy Professionals Australia/New Zealand (iappANZ), delivered on 30 November, the Australian Privacy Commissioner summarized the tough new approach he will take to deal with companies that are careless with customer or user data. Under the current law, the Commissioner’s determinations are enforceable in the Federal Court. The Australian Privacy Commissioner outlined strict new tactics stating that all businesses must have in place robust processes for the collection, storage, use and disclosure of information. This includes rigorous and ongoing training for all employees, the completion and retention of compliance records, and firm strategies in relation to managing contractual arrangements and, particularly, outsourcing provisions. This is especially, though not exclusively, so for trans-border data flows and is particularly relevant for businesses considering using cloud computing services. Businesses should also strive to engender a culture of privacy awareness, confidentiality, data protection and best practice in dealing with personal information.