Are you ready for the new Privacy Laws?
In just one month, on 12 March 2014, new Privacy Laws come into effect in Australia, and there is every chance that your business needs to take steps to comply. New, harsher penalties will also apply for breaches of these Privacy Laws.
If you are not aware of the changes, we strongly recommend that you review the changes and decide whether action is required to achieve compliance within your organisation.
This is only a brief overview, and you should seek professional advice about how these new laws apply to your organisation.
The Privacy Amendment (Enhancing Privacy Protection) Act 2012 includes a set of new privacy principles, called the Australian Privacy Principles or ‘APPs’, that will regulate the handling of personal information by both businesses and government agencies.
In the Privacy Act, personal information means "information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not and whether recorded in a material form or not".
Personal information might include a person’s name and address, bank account or credit card details, photos, or even information on their hobbies and opinions. Sensitive information is a subset of personal information that attracts stricter handling requirements; it might include details of the individual’s racial or ethnic background, health and medical information, political opinions or associations, or their criminal record.
Some personal information your business might be holding (intentionally or otherwise):
- Financial Services businesses: personal information about your clients including their financial records, investment and insurance details, pay records, financial plans …
- Recruitment businesses: resumes of candidates including their address, income, job histories, desire to change jobs, hobbies …
- Event management businesses: details of people who have attended your events including their contact details, interests, buying intentions …
- Health providers: Medical records, health records …
- Legal businesses: personal information about personal/family matters, financial situations, criminal history …
- Not for Profits: information about members including credit card numbers, donation histories …
In relation to IT in particular, the new APPs raise a number of considerations.
For example, “APP 11 – Security of Personal Information” requires that an entity take reasonable steps to protect the personal information it holds from misuse, interference and loss, and from unauthorised access, modification or disclosure. The Australian Information Commissioner has released a 36-page guide to what constitutes ‘reasonable steps’, and this includes obligations to:
- Protect against unauthorised access by your staff or contractors (do all of your staff have access to all the personal information you store, and do they actually need it?)
- Protect data from hacking (are your firewalls and other security measures good enough, and when were they last reviewed?)
- Store and dispose of records securely (do you shred documents and securely wipe storage media, or do they go out in the regular trash/recycling?)
- Prevent loss of hard copy documents, computer equipment or portable storage devices (what happens if a staff member loses a phone or laptop? Is personal information stored and transported on USB keys, and is it encrypted?)
- Prevent records being mistakenly released to someone other than the intended recipient (is personal information sent via email, and how do you ensure the right recipient is always selected?)
There is a lot more to the new privacy laws than has been covered here, and we encourage you to spend some time familiarising yourself with the changes.
Here are some helpful links to save you time: