Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Privacy laws: Act now or else

Brian Karlovsky | Nov. 6, 2013
The changes are the biggest in the field of privacy in 25 years and channel players in Australia need to act now to protect themselves

When former Prime Minister Kevin Rudd successfully challenged for the Labor leadership earlier this year, on the last day of parliament, most resellers saw little correlation between the fated political square-up and the operation of their business.

But the action had a significant effect on the shape of changes to privacy laws which are set to take effect on March 24 next year. On the day of the challenge, the most contentious of the new privacy laws which was widely predicted to be waved through, was not voted on.

As a result mandatory data breach notification laws will not be included in the 13 new privacy principles which are set to shake up the channel next year. However, the Australian privacy commissioner, Tim Pilgrim, will most certainly be pushing for the amendment to be brought back and it is now a question of how quickly an Abbott government will move on the reform.

Despite this, the changes are still the biggest in the field of privacy in 25 years and channel players need to act now to protect themselves. Pilgrim will be empowered to hand out fines of up to $1.7 million to a company and $370,000 for an individual breaching the 13 rules.

Pilgrim said there were currently no mandatory breach notification laws before parliament and he was not aware of whether the new government planned to re-introduce them. But he will still be holding a very large stick and he's not afraid to use it.

"I will not be taking a softly, softly approach to these new laws." he said. "Let's remember that the public sector has been working with the Privacy Act for nearly 25 years and the private sector have been working with the Privacy Act for over 12 years, so these concepts are not new.

"However, I would also note that since I became privacy commissioner in mid-2010, I have been telling businesses and government that my focus will always be on resolving the majority of complaints via conciliation."

Five months to go
But, according to Pilgrim, with only five months until the new laws are here, there are a lot of things firms can be doing now to prepare.

"I would encourage those in the IT sector to be reviewing and updating privacy policies and collection notices," he said."There is a new requirement for organisations to have a clearly expressed and up to date privacy policy.

"They should be reviewing outsourcing arrangements, particularly if these involve the disclosure of personal information outside Australia.

"Also, direct marketing practices should be reviewed to ensure that new requirements are being considered."

Controversial and messy
Under the new laws companies that send personal information overseas will be liable for any breaches that occur through an overseas partner under Privacy Principle 8 on cross-border disclosure.

 

1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.