The Australian Privacy Commissioner Timothy Pilgrim released a statement on 25 January urging companies to begin preparing for the upcoming privacy reforms, due to come into effect in March 2014. In the release, the Office of the Australian Information Commissioner (OAIC) is recommending businesses prepare for the reforms by reviewing:
- privacy policies and information collection notices
- any outsourcing arrangements that might be in place, particularly if these involve the disclosure of personal information outside Australia
- direct marketing practices, including the availability of ‘opt out’ mechanisms.
To assist businesses in their understanding of privacy reforms, the OAIC is producing detailed guides which will outline the impacts of the reforms and help businesses to make the necessary changes to their handling of personal information.
A key part of business preparations is a review of compliance processes. By implementing compliance processes that are in line with the 2014 changes as early as possible, compliance managers can prepare employees for the changes and reduce the risk of employee non-compliance with policies.
The Privacy Amendment Bill 2012 was passed by parliament in November 2012, introducing 295 proposed changes, including new Australian Privacy Principles and changes to how personal information is handled. The changes to the Privacy Act were delivered with the aim of bringing privacy protection laws in line with modern technology and promoted by government as the biggest changes in over 20 years.
When celebrating Data Privacy Day (28 January), Mr Pilgrim stressed that organisations should be vigilant about privacy and protecting the personal information that is entrusted to them by their customers.
“With regular reports of data breaches and their impact on individuals as well as on business reputation, the importance of getting privacy right cannot be underestimated,” said Mr Pilgrim.
Key amendments to the Privacy Act include:
- Greater powers for Privacy Commissioner Timothy Pilgrim, including the right to seek civil penalties in the case of serious breaches of privacy
- Tighter regulation of use of personal information for direct marketing
- Modernised credit reporting system
- Stricter rules about sending personal information outside Australia