All organisations handle personal information. Some of that personal information can be a very valuable asset.
The way organisations handle personal information is a key business issue, and failure to handle it properly can create significant business risks.
There is not just the risk of a breach of law. There is also the risk of good customer or stakeholder relations being prejudiced and trust reduced, with a commensurate reduction in the volume and nature of personal information that individuals are willing to share.
Research has shown that privacy protection is becoming increasingly important to Australians and privacy law is one of the fastest developing areas of law. This website provides you with an introduction to some of the law's key elements.
Allens' privacy team brings together expertise from a range of fields, including e-commerce, telecommunications, banking, insurance, credit reporting, biotechnology and health, workplace relations, superannuation, funds management and trade practices. We welcome your enquiries about how we can: help you to develop compliance solutions and obtain maximum benefit from customer databases; advise on issues affecting the Internet and new media industries; facilitate workshops to educate and train staff; help you to outsource data processing functions; or help to harmonise privacy obligations across other jurisdictions.
On 27 November 2012, the Federal Parliament passed substantive amendments to the Privacy Act, which will come into effect on 12 March 2014. Most entities that handle personal information, including most Australian companies, will need to comply with the new regime. In broad terms, the reforms:
- replace the National Privacy Principles and the Information Privacy Principles applicable to government agencies with a single set of Australian Privacy Principles (APPs) (for details, please see Focus: Tougher Australian data protection regime);
- introduce significant new pecuniary penalties, of up to $1.7 million, for serious or repeated breaches by companies of the Privacy Act;
- increase restrictions on using personal information for direct marketing;
- change the rules for disclosing personal information outside Australia;
- strengthen the powers of the Privacy Commissioner (now a part of the Office of the Information Commissioner) to conduct investigations and promote compliance with the Act; and
- grant substantially increased powers to the Office of the Australian Information Commissioner.
The reforms give the Privacy Commissioner additional investigation and audit powers, as well as the power to accept enforceable undertakings, develop and register binding privacy codes, and commence proceedings in the Federal Court or the Federal Magistrates Court.
There is also a new credit reporting regime, under which credit reporting bodies can collect 'positive' data about individuals, including repayment history information. The regime also provides significant new protections for individuals in relation to their credit information, including a strengthened complaint process.
As a result of these changes, businesses should review and update their privacy policies, collection statements, direct marketing procedures and procedures for dealing with unsolicited information. They should also identify any relevant cross-border disclosures and review applicable arrangements. These steps should be accompanied by an overall update of practices, procedures and systems, to promote privacy compliance.
Allens' Privacy team can assist you with assessing the likely impact on your organisation of the Credit Reporting Privacy Code and the APPs, and advise on any necessary amendments to your organisation's privacy, marketing and information technology practices, policies and agreements.