Australian Companies Nearing Privacy Laws Deadline

Australian companies that fail to strengthen their data collection, storage and management processes in response to new privacy rules, risk incurring tough penalties from a regulator with wider powers, warns Protiviti.

The risk consulting firm said that from 12 March the Australian Privacy Principles (APPs) will replace existing Information Privacy Principles and National Privacy Principles. The 13 APPs significantly raise the bar on how businesses and federal government agencies collect, store and handle individuals’ personal information.

The new rules also strengthen the privacy regulator’s enforcement powers with the Office of the Australian Information Commissioner (OAIC) able to levy penalties of up to A$1.7m and impose enforceable undertakings against non-compliant organisations.

“For the first time under Australian information privacy law, organisations have an express obligation to take positive steps to adopt practices and systems to protect personal data in accordance with the APPs,” said Aaron Greenman, director, IT security and privacy at Protiviti.

“Organisations will be saddled with a raft of new responsibilities including ensuring they have processes to deal with privacy complaints, making sure they are accountable for personal information disclosed to overseas parties, establishing security measures to prevent information breaches, and many more.

“These wide-ranging changes will have a big impact on organisations that collect a lot of personal information such as online businesses, retailers, utilities, healthcare providers, communications companies and most businesses in the finance and insurance sectors. Yet, while government departments are generally well-prepared, regrettably, our experience has shown that the majority of corporates are not.”


Related reading