The article that says it all: Are you prepared for the March 2014 Privacy Act changes?
January 8, 2014 |
On 5 December 2013 the Age ran a piece titled Are you prepared for the March 2014 Privacy Act changes? It is a piece, with helpful links to business.gov.au and the Privacy Commissioner’s site, that sets out directly and pithily the key issues that every organisation and agency needs to address now rather than in March 2014.
Does the Act apply to my business?
- trades in personal information
- provides services under a Commonwealth contract
- runs a residential tenancy database
- is related to a larger business
- is a reporting entity under the Anti-Money Laundering and Counter-Terrorism Financing Act.

What is changing?
- handle and process personal information
- use personal information for direct marketing
- disclose personal information to people overseas.
- investigate serious breaches (including the right to impose penalties on businesses)
- assess the privacy performance of businesses.



Connect with business.gov.au…
- Don’t get off to a shaky start. Watch our countdown of the Top 10 Bad Business Handshakes and find out how we can help businesses of all ‘shakes’ and sizes.
- Join business.gov.au on Facebook
to get the latest business news delivered straight to your news feed.
- On Twitter? Follow us
@business_gov_au.
- Watch our suite of useful business videos on our business.gov.au YouTube
channel.
- Visit our News and Features page to stay up to date with the latest business news this month.
DLA Piper intellectual property and technology partner Alec Christie said there was little understanding of what businesses had to change in order to be compliant.
“My feel is 50 to 60 per cent of corporate Australia will not be compliant by March 12 and either it is a hangover from not taking the previous law that seriously, because there weren’t penalties and fines, or it is just not on their to-do list,” he said.
The new privacy laws apply to all businesses that turnover more than $3 million a year and which collect personal data. This includes many online retailers and tech start-ups as well as large corporations and all federal government departments and agencies.
From March 12, the same set of rules, the Australian Privacy Principles (APPs), will apply to both businesses and federal government.
“It is certainly of most import online because we do so much online, but it is applicable to everything so good old-fashioned businesses that collect forms in hard copy it applies to them as well,” Mr Christie said.
Under the new laws, agencies and companies can be fined $1.7 million and individuals $340,000 for serious or repeated invasions of privacy.
“I think a lot of corporate Australia is just missing the point that this is not just a change to the wording but it is a complete change in the attitude.”
Currently, if company X collected personal information from a consumer and wanted to share it with company Y the only obligation on company X was to state in its privacy policy that it would share the information with a third party.
The new laws mean the obligation also falls on company Y to contact the consumer and let them know how they plan to use their data.
“That is a consequence which has possibly catastrophic knock-on circumstances,” Mr Christie said.
Organisations must have an up to date privacy policy and train their staff on it and privacy compliance.
Mr Christie said organisations needed to undertake a “mini privacy audit”.
“They need to look at what they collect, how they collect it, what purposes they use it for, how long they keep it and then map that against the APPs,” he said. “I think most of them will find at least one of those scenarios is contrary to what their obligations are.”
He said the privacy law changes would reinvigorate consumer interest in privacy.