New Privacy Laws! What You Need To Know...


This month the Australian government introduced new privacy rules for all businesses and government organisations. The penalties for not following these new laws include not only hefty fines but also bad media publicity for organisations that don't take care. Below are six key points your business should follow under the new privacy laws.

The new amendments to the Privacy Act will enforce tougher security and privacy requirements on all organisations with an annual turnover of more than $3 million, along with government agencies.

This should be of interest if you are a business that collects data about customers, suppliers, staff or anyone else you deal with.

The 13 new Australian Privacy Principles (APPs) will replace the National Privacy Principles and Information Privacy Principles and will apply to organisations and Australian Government agencies.

There's a comprehensive fact sheet about the 13 principles made available by the government. But what does a business that is subject to these principles need to do?

Here's our quick summary of some of the high-level things your business might need to do. Remember – this isn’t specific legal advice. If you believe that your business will be affected by these changes you need to get assistance from your own legal adviser.

1. MAKE SURE YOU HAVE A PRIVACY POLICY AND MAKE IT AVAILABLE

The fact sheet tells you what sorts of things the policy needs to contain and that it needs to be easily accessible at no charge.

2. ANONYMITY AND WHAT DATA YOU COLLECT

Only collect data you reasonably need and remember that individuals must have the option of not identifying themselves, or of using a pseudonym.

Also, you can’t use government identifiers like Tax File Numbers or Medicare Card numbers as identifiers within your systems.

3. YOU CAN’T KEEP DATA INDEFINITELY

Here's where it gets tricky. If you receive some personal data that you didn't solicit and you would not have received that data under normal circumstances, you need to destroy the data and ensure that the data is de-identified.

4. BE TRANSPARENT WHEN YOU COLLECT DATA

If you collect data about someone you need to let them know you're collecting and storing it. And, if you collect data about someone for a specific purpose, you can't re-use or share that data for direct marketing.

5. THE RULES CROSS BORDERS

There may be instances, which are completely legitimate, where you need to send data offshore and share it. If that happens you must ensure that the overseas recipient does not breach the Australian Privacy Principles.

6. QUALITY, SECURITY AND ACCESS

The principles explicitly state that you need to take reasonable steps to ensure that the data you hold is correct, up to date and complete. It needs to be secured against unauthorised access.

Personal information about individuals needs to be made available to those individuals if they request it.

Here are some links for further reading:

Privacy Fact Sheet
Privacy Law Reform 
Smaller companies could get leeway in security breaches


Chris Pattas
