In brief – Deadline approaching for businesses to ensure their compliance with the new privacy

Breaches of the new privacy laws can attract significant fines and regulators may publicise any breaches, so if your privacy and data management and protection policies have not been updated for compliance, time is running out.

Civil penalties of up to $1.7 million for corporations

New laws taking effect from 12 March 2014 impose new requirements on businesses and most government bodies that collect and transfer personal information in Australia. These laws also impact personal information that is collected outside Australia if that data is brought to Australia.

Non-compliance with the new legislation risks civil penalties of up to $1.7 million for corporations and $340,000 for individuals. In addition there are new government powers to investigate privacy and data loss events and to obtain enforceable undertakings in the event of a breach of the laws.

New privacy and data management obligations

The new privacy laws create new Australian Privacy Principles (APPs) that revise prior obligations on how and when any personal information can be collected and how that information can be transferred to third parties. These revised requirements

- When personal information may be collected and when consent to collect certain types of personal information is required
- Rights of individuals to access, correct or delete personal information that has been collected
- How individuals may complain about interferences with their

Updating your policies and educating your managers and

Most businesses must comply with the APPs. Your first steps should include updating privacy and data management policies, in

- Collection statements and consent to transfer to third
- Procedures for handling unsolicited information
- Ability of individuals to review and revise collected
- Direct marketing procedures

A key compliance tool will be the education of senior managers, executives and directors about these changes in the privacy regime and the steps your business is taking to review and maintain

The new legislation allows for investigation of breaches of data security (privacy) regimes and for the regulators to publicise any privacy breaches that occur.

Audit of compliance with privacy and data collection laws

For a fixed fee we will review your privacy and data collection policies and processes and advise whether they are compliant with new privacy laws and if not, how you can become compliant as quickly as possible.

Our review will focus on how your business manages and shares the information it collects from business users and service providers, with particular attention to personal information, including customer records, website cookies and customer information databases. If your business engages in direct marketing and credit reporting, these processes will be included.

We can also review how your business transfers the collected data - between group or subsidiary companies, and to and from third parties such as your customers and service providers, including your IT service providers. Your use of cloud computing and other remote services will also be reviewed.