Businesses dragging feet on privacy deadline, open to risks
Businesses which fail to prepare for the 12 March ‘go live’ date for the significant reforms to the Federal Privacy Act, including the introduction of the new Australian Privacy Principles (APPs), risk prosecution and a severe penalty regime. Yet many companies aren’t prepared for the changes, according to Hall & Wilcox partner, Alison Baker.
“Failure to comply with the new Privacy Act puts business at serious reputational, legal and financial risk.
“It’s a big change from the previous regime, which was much softer on privacy breaches.”
She said the Australian Information Commissioner had the power to prosecute, with financial penalties of up to $1.7 million for corporations.
“The risks of running afoul of the Privacy Act have increased threefold: there is the reputational risk of enduring a public prosecution; the legal risk of fighting a charge; and possible financial penalties.”
Ms Baker said every business needed a privacy policy to satisfy compliance with the new principles; those with an existing policy will need it amended.
Businesses most at risk include those which engage in direct marketing and those outsourcing to overseas suppliers, with the need to comply with strict requirements under the APPs.
Potential problem areas include ensuring third-party supplier contracts address the new principles and place contractual obligations for privacy compliance on third-party suppliers. “Businesses engaging with overseas suppliers need to ensure they have good contracts in place. If they already have a relationship agreement, they should look to enter into data transfer deeds with their overseas suppliers.
“All processes around collecting and storing personal information, as well as access, correction and complaint handling processes, need to be reviewed. This includes destroying or de-identifying personal information when it is no longer needed.”
Key features of the amended Privacy Act are:
- The Australian Information Commissioner will be given increased powers to enforce privacy laws.
- The 10 National Privacy Principles applicable to the private sector will be replaced with 13 Australian Privacy Principles (which will also apply to the Commonwealth public sector), which will create additional obligations on organisations.
- Organisations will need to comply with increased legal obligations regarding overseas disclosure of personal information and direct marketing.
- A new and significant penalty scheme will apply to organisations for breaches of the Act (up to $1.7M for corporations).