"It will encourage organisations to take privacy more seriously."
Are you ready for compliance?
Communications Alliance CEO, John Stanton, said considerable effort will be required of service providers to ensure they can comply with the new requirements.
"Many service providers will have to undertake compliance assessments across their businesses to ensure readiness for incoming APPs," he said.
According to Stanton, the reforms introduce an accountability approach to an organisation's cross-border disclosures of personal information, putting pressure on taking reasonable steps to ensure that the overseas recipient does not breach Australia's Privacy Act reforms.
Changes related to compliance requirements, could tip some companies over, Kyocera's Finn said. He pointed out small distributors as an example and the information retained within credit accounts such as banking details, date of birth and personal addresses.
"They all run on the skin of their teeth and on the smell of an oily rag, and if you've suddenly got to put privacy compliance officers in and all these other things, can you support that overhead and do you want to support it?," Finn said. "Compliance can be one of the biggest accelerators for consolidation."
Finn said it would have an overhead to manage compliance with the Privacy Act, which he estimated would cost his business about $120,000 to $180,000 per year.
"We're a large company and it hurts because it's something we didn't have to worry about before," he said. "Those figures don't include rewriting all our systems. We have to write new programs, implement new systems and put in place a new regime for compliance."
Communications integrator, Orange Business Services, managing director, Gordon Makryllos, said it was in the process of understanding how new its technologies will be impacted by the reforms. The integrator is part of the global France Telecom-Orange branch.
"We've conducted a privacy audit looking at how we're managing information that will be impacted by this new act," Makryllos said. "We're undertaking training and are appointing someone to lead as a privacy officer, and there's lots of work to be done and it shouldn't be underestimated.
"We have to change the way we're doing things, we do marketing and hold customer information, and a big part of our business is security."
Makryllos said it was also in the process of conducting security audits with its customer base.
The channel needs to understand how the reforms affect customers and take up the role of a trusted advisor in helping rewrite security policies and add technology to help with compliance.
The changes will also force a bigger emphasis on where sensitive customer data actually resides, and it will be in the hands of the managed service provider that puts it there, not the datacentre operator, placing more importance on the role of datacentre security.
Sign up for CIO Asia eNewsletters.