On 12 March 2014, reforms to the Privacy Act 1988 (Cth) came into force. Ultimately, the changes relate to businesses’ handling of personal information, and impose more onerous requirements on business in the treatment of that information. If these changes are not complied with, businesses could face penalties for a breach of privacy.
The key changes to the Privacy Act include the introduction of:
- 13 Australian Privacy Principles (APPs);
- Greater powers given to the Australian Information Commissioner, including powers to seek penalties for serious or repeated breaches; and
- A comprehensive credit reporting system, under which a broader range of credit related personal information is accessible to credit providers.
So what should businesses do to avoid breaching the new privacy laws?
First of all, businesses should seek independent advice tailored to their specific enterprise. However, they should also take the following steps to improve compliance:
- Ensure an up-to-date privacy policy is readily available, addressing the specific matters outlined in the Privacy Act to avoid confusion;
- Know what personal information they collect and ensure they are only collecting personal information that is reasonably necessary for one or more of their functions or activities;
- Implement processes through which individuals can make enquiries or complaints about the handling of their personal information, or seek access or correction to their personal information;
- Implement security measures to protect personal information from misuse, interference and loss, and from unauthorised access, modification and disclosure;
- Review contracts and/or implement data transfer deeds with third party suppliers, particularly those overseas. Under the reformed Privacy Act, a business can be found liable for privacy breaches committed by an overseas entity to which the business has disclosed personal information;
- Review direct marketing procedures and ensure consent processes are in place where required and that recipients of marketing communications can easily opt out of receiving further material;
- Train staff on privacy compliance;
- Appoint a Privacy Compliance Officer responsible for overseeing privacy compliance in the business.
Some practical examples of everyday situations affected by the reforms of the Privacy Act include the provision of employee details, including their TFNs, on PAYG Payment Summaries, and requests from your bank for your TFN in order to complete loan documents: the TFN can no longer be provided by email.
Most of you would have noticed that we are now required to remove your personal or business TFNs when providing copies of tax returns and/or ATO correspondence, to name just a few examples.
If you have any questions about this post, or if you need some advice, please give us a call today.