Written by Super User on 31 January 2022.
Today we are going to discuss changes in the Privacy Act Legislation by the Office of the Australian Information Commissioner, which now means that any business that employs staff or extends credit could face massive fines if they don’t have an up-to-date Privacy Policy protecting both the clients’ and employees’ personal information.
So today we are going to discuss,
Now, you may or may not be aware that there have been quite a number of changes to the Privacy Act Legislation over the past couple of years. To be honest, there are far too many to go into in detail in one information Blog, especially if we were starting with the Australian Privacy Principles, which were introduced in 2014.
So instead, we are going to talk about one of the latest changes to the Privacy Act Legislation which is the Notifiable Data Breach Amendment which came into effect on the 22nd of February 2018.
But just to be clear, every business subject to the Privacy Act is required by law to be up to date with the Australian Privacy Principles. You, as a business, are required to have a privacy policy, especially if you collect data on anyone who interacts with your business. This includes both your clients’ and staff’s personal details.
Also considering most (if not all) websites will use cookies to gain an understanding of their website visitors’ behaviour, it’s safe to say that any business with an online presence requires not only a Privacy Policy for their overall business but also a privacy policy for their website which is normally called their Website Terms of Use.
The moment your business decides to handle any personal information, including the personal information of your clients, is when your business needs to demonstrate that it is clearly abiding by the Australian Privacy Principles as outlined in Schedule 1 of the Privacy Act 1988 (Privacy Act).
This is especially important if your business accepts Credit Cards or other forms of payment.
Not forgetting that if you are an employer who retains data on your employees, such as their Tax File Number, for whatever reason, it is pivotal that you demonstrate your compliance with the Privacy Act. All it takes is for a disgruntled employee to make a phone call, and you could be in a world of hurt.
There’s an enormous number of businesses who believe they have an up-to-date Privacy Policy, but these tend to be Privacy Policies they have copied from someone else, and they tend to only find out when it’s too late. A proper Privacy Policy talks specifically to your business and should be written specifically for your business. To give you an idea, the Privacy Policy Manual we supply our clients is 26 pages long.
Now, getting back to the latest Amendment to the Privacy Act, the Notifiable Data Breach legislation: as I said earlier, it came into effect in February 2018 and is the change in legislation that very few businesses are aware of.
The Notifiable Data Breach legislation essentially outlines how and why all businesses now need to notify the Office of the Australian Information Commissioner if their business suffers any sort of data breach. The most obvious, of course, is having their computer systems hacked, but it also includes having any sort of data misplaced or stolen, which would include laptops, smartphones etc.
Given that most of you are only hearing about Notifiable Data Breaches for the first time, let's go and make sure it’s real by going to the Office of the Information Commissioner to see examples of a data breach.
Examples of data breaches include:
In my personal opinion, the second one here is probably the biggest potential liability for most businesses. A disgruntled employee can do a lot of damage to your business, especially if your response is, “Data breach? What data breach?” But that’s just me.
Now, if your business is subject to a data breach, there is a specific process your business needs to follow, which will of course depend on how severe your particular Data Breach is. There is a link in the above image, but I have to tell you, the fines are horrendous. The fine for an individual, which could be made up of several offences, is $420 000. The fine for a company could be as high as $2 100 000. And that is just for Notifiable Data Breaches, let alone other breaches of the Privacy Act.
In fact, 2018 saw an 8-fold increase in Reportable Data Breaches which resulted in 22% of those businesses having to shut their doors.
Having an up-to-date Privacy Policy for your business has never been more important.
If you would like to know more about "How You Can Save $1000's in Potential Liability" please feel free to request our FREE Privacy Facts Sheet here.
That’s It From Me, Until Next Time
Have a Great Day