What the Privacy Act changes mean for your business

With new Privacy Act reforms coming into play on March 12, it's time to tighten up your privacy precautions and make sure your business is ready to avoid fines and potential pitfalls.

Falling foul of the Privacy Act

A new, stricter regime means businesses will no longer be able to avoid prosecution or fines by being underprepared or unaware of the new requirements. As of March 12, the Australian Information Commissioner will have the power to prosecute serious breaches and hit corporations with penalties of up to $1.7 million.

Key changes to the Act

Don't assume that just because you were already following the rules in the Privacy Act that you are still compliant. The new reforms will see the 10 National Privacy Principles applicable to the private sector replaced with 13 Australian Privacy Principles.

Businesses also have increased obligations when it comes to the use of personal details for direct marketing and overseas disclosure of personal information. There are also changes to credit reporting procedures, thanks to the introduction of a whole new system.

Additionally, small businesses with a turnover of under $3 million are exempt from the Privacy Act – although there are some exceptions.

Keep your business on the right side of the changes

• If you don't already have a privacy policy, now is the time to create one. If you do, it will need to be amended to comply with the new 13 Australian Privacy Principles.
• Ensure all staff know what is in the policy and understand how to follow it correctly. Set up training sessions and bear in mind that your business is liable for any privacy mistakes your staff make.
• To help ensure your business follows the required steps, appoint a privacy compliance officer and create a central point for questions. Then make sure all your employees know about it.
• It's also important to set up a process for dealing with any potential privacy complaints or enquiries. Your business must be able to process communications about customer privacy quickly, efficiently and correctly.
• You should also review all the various ways you collect personal information from your customers. It could be that you have systems you aren't aware of or have forgotten about, but the new reforms mean you need a tight rein on all avenues of information.
• Check your direct marketing processes too, as it's important to let your customers opt out if they want to. You also need to be following consent requirements where necessary.
• Another vital step is a thorough check of all your overseas suppliers. Be sure to amend individual contracts as needed. If any of your suppliers are breaching the Privacy Act, your business can be counted liable.

In addition to considering all of these potential issues, your business should seek compliance advice. Don't delay when it comes to checking your privacy regulations – the new Act could leave you severely out of pocket and you may be able to avoid penalties by making a few relatively easy changes to your policies.