Media Release | 19 February 2014

Businesses dragging feet on privacy deadline, open to risks

Businesses which fail to prepare for the 12 March ‘go live’ date for the significant reforms to the Federal Privacy Act, including the introduction of the new Australian Privacy Principles (APPs), risk prosecution and a severe penalty regime. Yet many companies aren’t prepared for the changes, according to Hall & Wilcox partner, Alison Baker.

“Failure to comply with the new Privacy Act puts business at serious reputational, legal and financial risk.

“It’s a big change from the previous regime, which was much softer on privacy breaches.”

She said the Australian Information Commissioner had the power to prosecute, with financial penalties of up to $1.7 million for corporations.

“The risks of running afoul of the Privacy Act have increased threefold: there is the reputational risk of enduring a public prosecution; the legal risk of fighting a charge; and possible financial penalties.”

Ms Baker said every business needed a privacy policy to satisfy compliance with the new principles; those with an existing policy will need it amended.

Businesses most at risk include those which engage in direct marketing and those outsourcing to overseas suppliers, with the need to comply with strict requirements under the APPs.

Potential problem areas include ensuring third-party supplier contracts address the new principles and place contractual obligations for privacy compliance on third party suppliers. “Businesses engaging with overseas suppliers need to ensure they have good contracts in place. If they already have a relationship agreement, they should look to enter into data transfer deeds with their overseas suppliers.

“All processes around collecting and storing personal information, as well as access, correction and complaint handling processes, need to be reviewed. This includes destroying or de-identifying personal information when it is no longer needed.”

 Key features of the amended Privacy Act are:

  • The Australian Information Commissioner will be given increased powers to enforce privacy laws.
  • The 10 National Privacy Principles applicable to the private sector will be replaced with 13 Australian Privacy Principles (which will also apply to the Commonwealth public sector), which will create additional obligations on organisations.
  • Organisations will need to comply with increased legal obligations regarding overseas disclosure of personal information and direct marketing.
  • A new and significant penalty scheme will apply to organisations for breaches of the Act (up to $1.7M for corporations).


Oliver Jankowsky

Partner & Head of International Practice

Ed Paton

Partner & Head of SE Asia Practice

Eugene Chen

Partner & Head of China Practice

Melanie Smith

Director - Business Development, Marketing and Communications

Natalie Bannister

Partner & Commercial National Practice Leader

Rhett Slocombe

Partner & Insurance National Practice Leader

Katie McKenzie


James Bull

Special Counsel and Head of Frank

Melanie James

People & Culture Manager

Jacqui Barrett

Partner & Head of US Practice

Paul O’Donnell

Consultant & Head of Energy

Christopher Brown

Partner & Head of UK Practice

Lauren Parrant

Senior People & Culture Advisor, as at 1 July 2022

Melinda Woledge

Marketing & Communications Manager

Jasmine Koh

Senior Associate and Head of Frank

Alison Choy Flannigan

Partner & Leader, Health & Community

Billie Kerkez

Manager – Smarter Recovery Solutions

Peter Jones

Senior Commercial Counsel

You might be also interested in...

Thinking | 16 Apr 2014

Insurable Interest Issue 34

Contents Compromising behavior Canned two No more excuses Pure economic loss Not so obvious Froglets with teeth  Compromising behavior The Victorian legislature has recently enacted a number of changes to the rules relating to offers of compromise made in County Court and Supreme Court proceedings. The changes include a new rule enabling an offer of compromise to […]

Thinking | 19 Dec 2013

Hall & Wilcox welcomes new Sydney-based team

Leading Australian independent business law firm Hall & Wilcox today announced the acquisition of the core of Duncan Cotterill’s Sydney-based Australian practice. The practice is primarily an employment practice and includes partners Ken Brotherson, Aaron Dearden and Kerryn Tredwell, together with a team of lawyers and support staff. The acquisition will facilitate the opening of […]