Australia’s major privacy law reforms commence on 12 March 2014.
These reforms to the Privacy Act 1988 (Cth) have been well publicised, and Australian private sector and Commonwealth public sector organisations are required to be fully compliant by 12 March – the transition period is coming to an end.
From 12 March the Privacy Commissioner will have much stronger powers, including the ability to seek a civil penalty of up to $1.7 million for a serious or repeated privacy breach. The Privacy Commissioner has said he “will not shy away” from using these new powers.
Many organisations have spent months preparing for the changes and will be ready for them.
Others are aware of the changes but haven’t yet taken action. If you’re in that category, what should you do now to reduce your risk? Here are our “Top 5” tips.
These are the statements you must provide to individuals when (or as soon as practical after) you collect personal information about them. For example, if your website allows users to enter a competition or to request information from you, you should use a privacy statement on the website. Changes you will probably need to make in your privacy statements include:
The APPs require organisations to take reasonable steps to put procedures and systems in place to ensure compliance with the APPs. A key part of your compliance program should be an internal privacy compliance guide that sets out, amongst other things:
Another vital part of your compliance program is to train staff who handle personal information on the changes to the law. There are some basic training materials on the Privacy Commissioner’s website – or we can assist you to prepare some tailored, practical training for your organisation.
In conjunction with doing all of the above, or as soon as practical afterwards, conduct an audit of how your organisation collects, stores, uses and discloses personal information, to check compliance with the APPs and (since it’s very closely related) the Spam Act 2003 (Cth). Some areas of increased risk under the new APPs are:
If your audit identifies compliance gaps, you should work to close the gaps as soon as practical.
Following our “Top 5” tips doesn’t guarantee you’ll be fully compliant with the new privacy regime (which is quite complex) but at least you will reduce the chance that the first privacy complaint under the new regime is against you!
The content of this publication is for reference purposes only. It is current at the date of publication. This content does not constitute legal advice and should not be relied upon as such. Legal advice about your specific circumstances should always be obtained before taking any action based on this publication.