Legislation Changes That Could Cost Your Business $1000’s

Privacy Policies and the Potential Liability associated with changes to the Privacy Act 1988 (2022)

Overview

Today we are going to discuss changes in the Privacy Act Legislation by the Office of the Australian Information Commissioner, which now means that any business that employs staff or extends credit could face massive fines if they don’t have an up-to-date Privacy Policy protecting both the clients and employees personal information. 

So today we are going to discuss,

• What are the changes in legislation to the Privacy Act?
• What are the potential costs of not having an up-to-date Privacy Policy for your business?
• What steps you can take to avoid the passive fines for breaching the Privacy Act 

What Are The Changes in Legislation?

Now you may or may not be aware there have been quite a number of changes to the Privacy Act Legislation over the past couple of years. To be honest there are far too many to go into in detail in one information Blog, especially if we were starting with the Australian Privacy Principles which were introduced in 2014.

So instead, we are going to talk about one of the latest changes to the Privacy Act Legislation which is the Notifiable Data Breach Amendment which came into effect on the 22^nd of February 2018.

But just to be clear, every business subject to the Privacy Act, is required by law to be up to date with the Australian Privacy Principles. You as a business, are required to have a privacy policy, especially if collect data on anyone who interacts with your business. This includes both your clients and staff’s personal details.

Also considering most (if not all) websites will use cookies to gain an understanding of their website visitors’ behaviour, it’s safe to say that any business with an online presence requires not only a Privacy Policy for their overall business but also a privacy policy for their website which is normally called their Website Terms of Use.

The moment your business decides to handle any personal information, including the personal information of your clients, is when your business needs to demonstrate that they are clearly abiding within the Australian Privacy Principles as outlined in Schedule 1 of the Privacy Act 1988 (Privacy Act).

This is especially important if your business accepts Credit Cards or other forms of payment.

Not forgetting that if you are an employer who retains data on your employees such as their Tax File Number, for whatever reason, it is pivotal that you demonstrate your compliance with the Privacy Act. All it takes for a disgruntled employee to make a phone call, and you could be in a world of hurt.

There’s an enormous number of businesses who believe they have an up-to-date Privacy Policy, but they tend to be Privacy Policies they have copied from someone else and tend to only find out when it’s too late. A proper Privacy Policy talks specifically to your business and should be written specifically for your business. To give you an idea, the Privacy Policy Manual we supply our clients is 26 pages long.

Notifiable Data Breach Legislation

Now getting back to the latest Amendment to the Privacy Act being The Notifiable Data Breach legislation, which as I said earlier came into effect in February 2018 and is the change in legislation that very few businesses are aware of.

The Notifiable Data Breach legislation essentially outlines now and why all businesses now need to notify the Office of the Australian Information Commissioner if their business suffers any sort of data breach. The most obvious of course is having their computer systems hacked, but it also includes having any sort of data misplaced or stolen data, which would include laptops, smartphones etc.

Given that most of you are only hearing about Notifiable Data Breaches for the first time let's go and make sure it’s real by going to the Office of the Information Commissioner to see examples of a data breach. 
 

Examples of data breaches include:

• Not only the loss or theft of physical devices (such as laptops and storage devices) but also of paper records that contain personal information
• unauthorised access to personal information by an employee
• inadvertent disclosure of personal information due to ‘human error’, for example, an email sent to the wrong person
• disclosure of an individual’s personal information to a scammer, as a result of inadequate identity verification procedures.

In my personal opinion, the second one here is probably the biggest potential liability for most businesses, a disgruntled employee can do a lot of damage to your business, especially if your response is, data breach, what data breach, but that’s just me. 

22% of Businesses Went Out Of Business Due To Privacy Breaches

Now, if your business is subject to a data breach, there is a specific process your business needs to follow, which will of course depend on how severe your particular Data Breach is.
There is a link in the above image, but I have to tell you, the fines are horrendous. The fine for an individual which could be made up of several offences is $420 000. The fine for a company could be as high as $2 100 000. And that is just for Notifiable Data Breaches, let alone other breaches to the Privacy Act.

In fact, 2018 saw an 8-fold increase in Reportable Data Breaches which resulted in 22% of those businesses having to shut their doors. 

Why                     

• As we just spoke about, Fines, Compensation and Damages
• Loss of Trust and Reputation
• Loss of Clients and Revenue

Having an up-to-date Privacy Policy for your business has never been more important.

If you would like to know more about "How You Can Save $1000's in Potential Liability" please feel free to request our FREE Privacy Facts Sheet here.

That’s It From Me, Until Next Time

Have a Great Day