Whether a start–up or a listed ASX company, your business
opportunities are increasingly on–line and/or overseas. At
last count over 80 countries have adopted data privacy laws and
Australia's new Australian Privacy Principles (APPs) come into
effect from 12 March 2014. The new APPs, overseas laws and
attitudes toward data privacy are very different from business as
you know it.
What you think you know about data privacy in Australia and
overseas may just be wrong! This "Top Ten" fact sheet
dispels some common misconceptions about privacy.
10. BUSINESS INFORMATION IS NOT PERSONAL INFORMATION
"Personal information" is not restricted to one's
personal life. In most countries it is any information that can be
used to identify an individual (even indirectly) and, in some
countries, company names are considered personal data.
9. PUBLIC DATA IS THERE TO BE USED
In Australia and many other countries data published by a public
body, or personal information posted by an individual on a public
forum, cannot be lawfully used by a third party and/ or this
"collection" triggers new privacy obligations.
8. WE'RE COMPLIANT–WE HAVE AN IT SECURITY POLICY
Your IT security policy, while important, is not the sole
personal information security obligation, let alone data privacy
7. THE NEW APPS DON'T CHANGE MUCH
privacy processes) will require amendment to comply with the new
APPs. In addition, the impact of the change in the regulator's
powers and attitude and the introduction of fines from 12 March
2014 should not be underestimated.
6. WE'RE COMPLIANT – WE HAVE A PRIVACY
Does your policy include the minimum mandatory requirements for
each of the countries in which you operate? Also, protection of
personal information, privacy rights, patient information, bank
secrecy, employee rights and data security (to name a few) are not
one and the same. Laws and regulations in these areas may
co–exist, overlap or even contradict each other. Your policy
and program might not adequately address all these aspects.
5. WE KNOW OUR PRIVACY ABC'S – APPS, BIG DATA AND
The emergence of new technologies (i.e. Apps, Big Data and
Cloud) is leading to tougher requirements as to
"informed" consent. Different issues arise and different
privacy processes (and sometimes policies) are required in most
countries for Apps, Big Data and Cloud computing.
4. NO NEED TO WORRY – WE ONLY TRANSFER DATA OFFSHORE TO
In most countries the offshore transfer of data (even to a
related entity) requires prior notification to (if not the consent
of) the relevant individuals. In some countries offshore transfers
are prohibited, unless approved by the regulator.
3. PRIVACY'S NOT A PRIORITY FOR US
In Australia from 12 March 2014 companies can be fined $1.7
million and individuals $340,000 for a serious invasion or repeated
invasions of privacy (i.e. breaches of the APPs). Fines and
increased enforcement are now the norm in Asia and the EU has
proposed fines of up to 2% of worldwide turnover. Can you afford
for privacy not to be a priority?
2. COMPLIANCE IS TOO COMPLEX!
It does not need to be. We can help you set priorities and
determine the essential and practical means to better protect your
business, your employees, your customers and your reputation.
1. COMPLIANCE IS TOO COSTLY!
Again, it does not have to be! We manage compliance projects and
issues globally and locally on a daily basis. We know how to
leverage that experience to work to nearly any budget, whether
locally, regionally or globally.
This publication is intended as a general overview and
discussion of the subjects dealt with. It is not intended to be,
and should not used as, a substitute for taking legal advice in any
specific situation. DLA Piper Australia will accept no
responsibility for any actions taken or not taken on the basis of
DLA Piper Australia is part of DLA Piper, a global law firm,
operating through various separate and distinct legal entities. For
further information, please refer to www.dlapiper.com
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Those types of personal disclosure may still be permitted under the Privacy Act as long as your house is in order.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).