Changes to the privacy laws covering how a business handles personal information come in next month, and businesses need to check that they comply.
New rules in the Privacy Act apply to all companies that have an annual turnover of more than $3 million and collect personal data. This includes many online retailers and tech start-ups as well as large corporations and all federal government departments and agencies.
From March 12, the new rules, called the Australian Privacy Principles, will apply to both private business and the federal government. They cover how a business handles personal information, including processing the data, using personal data for direct marketing, and disclosing personal information to people overseas.
It’s not only hi-tech firms that are affected. Even companies that collect customers’ handwritten forms are included – anything that involves a company or agency keeping personal information on its clients and customers.
Under the new rules companies can’t just pass on information about a customer to another firm – they are now obliged to contact the customer to let them know how they plan to use their data. Firms must update their privacy policies and train their staff to ensure they comply with the new rules.
The Office of the Australian Information Commissioner details the 17 privacy changes being brought in under the Australian Privacy Principles (APP) on its website. But it would be wise to get advice from a commercial law expert to see whether your firm is affected by the law changes and to make sure it is complying with them. Penalties are severe: up to $1.7 million in fines for companies and up to $340,000 in fines for individuals for serious or repeated invasions of privacy.
The APP changes cover staying anonymous to protect privacy, what sort of personal data can be collected, people’s right to access information held about them and to correct it, whether a firm really needs the data to fulfil its function, the way information is collected and used, and direct marketing.
The changes strengthen the powers of the Privacy Commissioner to investigate breaches. Commercial law expert Tony Mitchell of Stacks Law Firm said the changes mean Australian companies urgently need to do a privacy audit to evaluate their IT security and ensure they have defences in place to prevent data leaks.
“To stay within these new privacy laws firms need to do more than simply comply with the rules,” Mr Mitchell said. “They need to be active in protecting people’s data including staff access, company emails and social media.”