You're a General Counsel responsible for overseeing
legal compliance. You know the privacy law changes commence in
March 2014. You are losing sleep... what do you do?
Time is running short, budgets are tight and the changes are
complex. So, how can you find a way through the legislation and get
ready without spending a fortune on external assistance?
Our pointers are below. The purpose is to identify your
compliance gaps under the new regime and address them efficiently
to close off key risks.
The trend towards greater protection of individuals'
personal information is worldwide and Australia is no
Privacy requirements will continue to grow in coming years and
privacy compliance will be increasingly important for private
enterprise and the government sector.
The March 2014 changes give the Privacy Commissioner much
stronger powers than before, including the ability to seek civil
penalties of up to $1.7 million for a serious or repeated privacy
breach. The Commissioner's power to act after an "own
motion" investigation will also be bolstered.
Underlining the intention behind the reforms, the Commissioner
said recently, "I will not be taking a softly softly
Businesses and Commonwealth government agencies will need to
meet substantially higher privacy requirements. Changes must be
made to current business practices, including:
What you say to individuals when you collect personal
information about them.
How you use direct marketing.
How you ensure privacy education and compliance within your
The contractual terms under which you disclose personal
information outside Australia, e.g. to an IT services
WHAT TO DO
Conducting a privacy audit within your organisation is the
starting point. The audit should identify gaps between current
practice and the new privacy requirements. It should also cover the
Spam Act since it's closely related to privacy law.
Apart from your legal team, the audit project should involve
senior management from IT, Marketing and HR, to identify the types
of personal information collected, how it's collected and used,
to whom it's disclosed and how it's stored.
Key documents relating to the collection and handling of
personal information should be compiled, e.g. web forms where
consumers can join your mailing list and contracts with overseas IT
The aim is to identify key areas where current practice
doesn't meet the standards mandated under the legislation. At
the same time, you can educate internal stakeholders (IT,
Marketing, HR, Legal) about the new requirements.
The outcome of the privacy audit will be a list of action items
that need addressing before March 2014. This list can be worked
through to close the compliance gaps.
Whether or not the privacy audit is handled internally or with
assistance from an external legal firm depends on the privacy and
spam law expertise of your in-house legal team.
WHEN TO ACT
Privacy audits should be under way now. If your audit identifies
compliance gaps – which is likely – sufficient time
will be needed to close them by March 2014. Leaving it until next
year carries the real risk of running out of time.
If the Privacy Commissioner chooses to make a public example of
someone next year, make sure it's not your organisation!
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.