Businesses dragging feet on privacy deadline, open to risks

Businesses which fail to prepare for the 12 March ‘go live’ date for the significant reforms to the Federal Privacy Act, including the introduction of the new Australian Privacy Principles (APPs), risk prosecution and a severe penalty regime. Yet many companies aren’t prepared for the changes, according to Hall & Wilcox partner, Alison Baker.

“Failure to comply with the new Privacy Act puts business at serious reputational, legal and financial risk.

“It’s a big change from the previous regime, which was much softer on privacy breaches.”

She said the Australian Information Commissioner had the power to prosecute, with financial penalties of up to $1.7 million for corporations.

“The risks of running afoul of the Privacy Act have increased threefold: there is the reputational risk of enduring a public prosecution; the legal risk of fighting a charge; and possible financial penalties.”

Ms Baker said every business needed a privacy policy to satisfy compliance with the new principles; those with an existing policy will need it amended.

Businesses most at risk include those which engage in direct marketing and those outsourcing to overseas suppliers, with the need to comply with strict requirements under the APPs.

Potential problem areas include ensuring third-party supplier contracts address the new principles and place contractual obligations for privacy compliance on third party suppliers. “Businesses engaging with overseas suppliers need to ensure they have good contracts in place. If they already have a relationship agreement, they should look to enter into data transfer deeds with their overseas suppliers.

“All processes around collecting and storing personal information, as well as access, correction and complaint handling processes, need to be reviewed. This includes destroying or de-identifying personal information when it is no longer needed.”

 Key features of the amended Privacy Act are:

  • The Australian Information Commissioner will be given increased powers to enforce privacy laws.
  • The 10 National Privacy Principles applicable to the private sector will be replaced with 13 Australian Privacy Principles (which will also apply to the Commonwealth public sector), which will create additional obligations on organisations.
  • Organisations will need to comply with increased legal obligations regarding overseas disclosure of personal information and direct marketing.
  • A new and significant penalty scheme will apply to organisations for breaches of the Act (up to $1.7M for corporations).


Emma Woolley

Partner & Head of Family Office Advisory

Karl Rozenbergs

Partner & Co-Lead, Health & Community

Ben Hamilton

Partner & Technology and Digital Economy Co-Lead

James Deady

Partner & Technology and Digital Economy Co-Lead

Eugene Chen

Partner & Head of China Practice

Oliver Jankowsky

Partner & Head of International Practice

John Bassilios

Partner & Fintech and Blockchain Lead

Matthew Curll

Partner & Insurance National Practice Leader

Melanie Smith

Director – Business Development, Marketing and Communications

Natalie Bannister

Partner & Commercial National Practice Leader

Nathan Kennedy

Partner, Head of Pro Bono & Community and ESG Co-Lead

Mark Dessi

Partner & Energy Co-Lead

Katie McKenzie

Director – People & Culture

James Bull

Special Counsel & Frank Lab Co-Lead

Melanie James

People & Culture Manager

Jacqui Barrett

Partner & Head of US Desk

Lauren Parrant

Senior People & Culture Advisor

Melinda Woledge

Marketing & Communications Manager

Jasmine Koh

Senior Associate & Frank Lab Co-Lead

Alison Choy Flannigan

Partner & Co-Lead, Health & Community

Jordon Lee


Geoff Benson


Meg Lee

Partner & ESG Co-Lead

John Gray

Partner, Technology & Digital Economy Co-Lead and NSW Government Co-Lead

Harvey Duckett


Luke Denham


Billie Kerkez

Manager – Smarter Recovery Solutions

Jemima Whiteman


Bradley White


Sarah Khan


Audrey Leahy

Special Counsel & Head of Irish Desk

Marie Mitilineos


Gloria Tam


Peter Jones

Senior Commercial Counsel

Eden Winokur

Partner & Head of Cyber

Sheldon Fu


James Pavlidis


Claire Bourke


Chloe Taylor


Silvana Brcina


Daphne Schilizzi


Andrew Banks


Isabella Urso


Jessica Liu


Amelia Spratt


Lisa Ziegert

Director – Client Solutions

David Cooper

Partner & Energy Co-Lead

Luke Raams


Emma McDonald


Carl Ayers


Maddison Reznik

Senior Associate & Trade Marks Attorney

Rebecca Dodd


Gretel Burns


Selina Nutley