Threat of $1.7m privacy fines serious
It seems every day or week of the year has been taken as a celebration of some description – from Play Your Ukulele Day to International No Diet Day.
This week was Privacy Awareness Week and the Australian privacy commissioner, Timothy Pilgrim, took the opportunity to send very stern warnings to businesses that do not change their privacy practices to comply with the new privacy laws that take effect from March next year.
Your business would do well to take him seriously: he now has the power to issue fines of up to $1.7 million. The clear message is that all businesses in Australia must review their privacy policies this year.
The major things you need to know about the new privacy laws are:
The laws take effect in March 2014, but you should change your privacy policies and procedures well before then.
The principles arising from the privacy laws used to be called the National Privacy Principles (NPPs) but have changed and are now the Australian Privacy Principles (APPs).
Review privacy policies
Sending information overseas
If you are likely to send information overseas, then the new law requires that you state to which countries you are likely to send the information. This is particularly important if you use any cloud computing services, as many of the servers providing these services are located overseas.
If you use direct marketing to find customers, then the APPs have changed the requirements around getting consent from people. Also, you will be required to tell people where you got their details from. Can your current customer relationship management (CRM) system do that? It’s time to check.
It is important to start reforming your privacy practices now, as the new rules will definitely see more companies penalised for data breaches. Otherwise, you may find that you have to celebrate August 31: International Love Litigating Lawyers Day.