Are you compliant with the new Australian Privacy Principles?

The new Australian Privacy Principles (APPs), launched on 12th March 2014, represent a substantial overhaul of the existing framework, and organisations should urgently review their current privacy policies, says Dudley Kneller, partner of Madgwicks Lawyers.

There are a number of core elements that have been amended and Madgwicks have launched a privacy app to help organisations identify potential areas of risk or exposure.

However, an Australian Financial Review article published on March 11th 2014 reports that, according to a survey by Senetas Corporation, it seems some 75% of companies are not ready for the privacy changes that start on Wednesday. The new privacy laws move away from their current objectives – to educate and raise awareness of privacy obligations – and towards an era of enforcement in line with the European Union’s approach.

Presently, most organisations think it is sufficient to simply have a privacy policy on their website. Now they must be able to demonstrate that they have documented practical policies, procedures and technology to back up their claims. Organisations must be able to show they are taking all reasonable steps to be compliant.

There are four big areas to watch out for:

  • Organisations must demonstrate they have a way of de-identifying or destroying unsolicited information sent to them (for example, an unsolicited CV sent by a hopeful job applicant).
  • There are increased requirements around consent and opting in and out of direct marketing communications.
  • Organisations must disclose if they are storing data across national borders and indicate what steps are being taken to protect your data.
  • There are additional obligations surrounding the security of personal information. Organisations must show that they have adequate protection and processes to protect data from interference.

The Office of the Australian Information Commissioner (OAIC) has a substantially bigger stick with which to punish offenders, with maximum fines stretching to $1.7 million for organisations and $340,000 for individuals. It also has a range of civil remedies, such as obtaining injunctions against offending parties.

Kneller thinks that in most cases the threat of damage to reputation will be an even stronger incentive for most organisations.

To learn more about data protection and complying with privacy laws, refer to our blog on dealing with the data sovereignty dilemma.
