Significant and costly changes in the Privacy Act, scheduled for March 2014, are set to seriously impact the majority of companies handling personal information.
The changes, aimed at forcing businesses to be more transparent about how they handle personal information, will impact both private and public sector organisations with an annual turnover of more than $3 million, and will also affect Australian subsidiaries of global organisations.
Regardless of the type of industry, companies have to deal with the reforms that include a new set of principles, enhanced enforcement powers for the Privacy Commissioner and new credit reporting requirements.
The Australian Privacy Act has been in place since 1988, but there will be 13 new principles coming into place dealing with the open and transparent management of personal information, the use and disclosure of personal information for direct marketing and cross-border disclosure of personal information.
The Privacy Commissioner will be empowered to hand out penalties -- reaching up to $1.7 million for an organisation and $370,000 for an individual -- for breaching the new rules. The commissioner will also be able to demand a company's privacy performance assessment.
"In the age of Big Data, social media, and Cloud computing, it is increasingly important that people think about the concept of privacy and what it means to them," Privacy Commissioner, Timothy Pilgrim, said in a recent report.
Distribution Central managing director, Nick Verykios, said the reforms affect any business that is doing third party analytics, right down to the analytics software provider.
Kyocera Document Solutions A/NZ managing director, David Finn, warned the changes will have a massive impact on the telemarketing industry.
"A lot of industries, especially IT, depend a lot on telemarketing and they're going to have all sorts of problems," Finn said. "This privacy thing is very scary. A lot of people will get caught with their pants down.
"I can guarantee a lot of the smaller distributors have no idea what's coming. On the flipside, the chances of getting caught may be slim, but if you do, it's going to be a big problem."
Finn's warning is underscored by statistics from security vendor, McAfee, which commissioned a survey recently involving 500 respondents on awareness of the Privacy Act changes. It found 59 per cent were unaware or unsure there had been any recent changes. However, of the companies that were aware of them, only 49 per cent conducted a Privacy Impact Assessment.
Data owners within the surveyed organisations were more concerned about damage to the company's reputation and loss of customer trust than about a potential fine, McAfee Asia-Pacific practice head of data protection, Joel Camissar, said. "The reputation damage is significant, but at the same time the IT department within an organisation struggles to get board-level attention sometimes to get the necessary funds and build a business case for privacy.