Are you prepared for the Privacy Reforms?
Late last year the government made a number of changes to the Privacy Act that will take effect from 12 March 2014. If your business collects and processes personal or sensitive information, these changes will affect you! It is important to prepare your business in order to achieve full compliance and avoid being penalized.
The key changes include:
• A new system of privacy principles, which will significantly affect how private and public sector entities collect and handle personal and sensitive information. Personal information includes name, address, date of birth, driver's license number, passport number, bank/credit card details, etc. Sensitive information includes health records, religious beliefs, criminal record and so on.
• Enhanced enforcement mechanisms; and
• For the first time, the introduction of a civil penalty regime for breaches of privacy.
What should my business be doing?
To comply with the new laws, privacy policies will need to be updated, and practices, procedures and systems will need to be revised and enforced. The advice is that if you aren’t ready for the changes, or at least well into the process of reviewing your privacy policies, you need to start immediately in order to be fully compliant by 12 March 2014. Up until this point, the Privacy Act and the policies of the Office of the Australian Information Commissioner (OAIC) have tended to be somewhat overlooked, given the lack of substantial consequences for breaches of the Privacy Act. If your business has been slightly lax with regard to the Privacy Act, it is important to recognize that after 12 March 2014 the Federal Court will have the power to award significant civil penalties for serious or repeated breaches of privacy. Penalties of up to $1.7 million can apply to bodies corporate and $340,000 to APP entities that are not bodies corporate, including individuals, so this is something that could seriously damage, if not close, your business, whatever its size. Penalties are not the only change to the OAIC's powers; the OAIC will also have enhanced abilities, including the ability to:
• Accept enforceable undertakings.
• Seek civil penalties in the case of serious or repeated breaches of privacy.
• Conduct assessments of privacy performance for both Australian government agencies and businesses.
How can we help?
Systemnet have a range of experience in major projects relating to Payment Card Industry Compliance (PCI) and Information Security in general, so we are well equipped to help your business make the necessary changes. Why not contact us now for a no-obligation discussion on how we can help you achieve compliance with the Australian Privacy Act!
* More details can be found here: http://www.oaic.gov.au/privacy/privacy-act/privacy-law-reform. As always, you should seek legal advice if unsure about what these changes mean to your organization.