Upcoming changes to privacy legislation

Will your business be affected by imminent changes to Privacy legislation?  If so, now is the time to take action.

On 12 March 2014, significant changes to Australian privacy law come into effect. These changes will regulate how both private (generally with turnover in excess of $3m) and government organisations collect, store and use data. To find out if these amendments will apply to your organisation, check the OAIC website.

The Privacy Amendment (Enhancing Privacy Protection) Act 2012, which amends the Privacy Act 1988, extends the number of privacy principles to thirteen. Organisations that fall within the scope of the principles (APP entities) must comply with these principles, or risk investigation from the regulator and possible penalties. Notably, Principle 8 puts the onus on applicable entities to ensure the security of trans-border data flow – particular care needs to be taken in relation to use of cloud computing and overseas network providers. There is still time before the amendment comes into effect to ensure that any such overseas provider is aware of your requirement to have measures in place that comply with the legislation.

Privacy Principle 1 requires that APP entities have privacy processes and a clearly visible privacy policy. Does your business have these in place? Monitoring internal compliance obligations and the behaviours of employees, contractors and agents is part of good risk control.

Further, the principles make it mandatory for organisations to give the option of client-anonymity. Good practice for internet trading and other electronic data collection is to include an opt-out clause when gathering client information. Failure to maintain data integrity or to ensure that information is collected through compliant methods may present substantial financial and reputational risks.

The obligations of the Act and the Privacy Principles are enforceable by the Australian Information Commissioner (AIC). As part of the legislative amendment, the Commissioner’s regulatory powers have been expanded with powers to investigate perceived breaches. The AIC is empowered to conduct privacy audits of any Australian government body or regulated private organisation; where serious breaches are found, the Commissioner can penalise APP entities up to $1.1 million.

Why expose your business to risk?  For assistance with your compliance and risk management functions contact Compliance Essentials today on 1300 602 880 or via our website www.complianceessentials.com.au