Does your privacy policy comply with the privacy laws?

New privacy laws known as the Australian Privacy Principles were introduced in 2014, the laws are a new set of privacy principles affecting the handling of personal information.

If you have a website privacy policy you should review it for compliance with the privacy principles.

The aim of the principles is to bring Australia’s privacy laws (first introduced in 2001) in line with current technology trends and to provide more transparency around the capture and use of personal information.

The principles apply to organisations and Government agencies and fines of up to $1.7 million may apply for non-compliance.

The principles make it more difficult for businesses to collect information about consumers without their knowledge and changes how businesses handle, use, and store personal information and engage in direct marketing.

If your business is affected, you may need to update your privacy policy and your procedures and systems to comply with the law.

Which businesses are affected by the privacy laws?

If you generate more than $3 million in annual turnover and you handle personal information your business is affected. If you generate less than $3 million but your business is “trading in personal information” you may also be affected by the changes in the law.

What does “trading in personal information” mean?

Personal information is information that identifies, or could reasonably identify, an individual. This includes names, addresses, dates of birth and bank account details.

Trading in personal information includes collecting or providing personal information to a third party for a benefit, service or advantage. If you collect personal information and then provide it to a business to manage your direct marketing, you may be trading in personal information.

What are the key reforms?

The key reforms affecting small businesses, particularly in the online space, are that:

  • your privacy policy must address specific topics; and
  • you must have procedures and systems in place to ensure you comply with the new laws.

Companies face fines of up to $1.7 million for serious or repeated breaches of the Privacy Act. Sole traders and entities that are not companies face fines of up to $340,000.

How do I ensure my business complies?

You should conduct a review of your business and identify how you deal with personal information. The following elements need to be addressed:

 

Privacy Notice

When you collect personal information, inform individuals of your organisation’s name, contact details, the purpose of collection and to whom it will be disclosed.

 

Privacy Policy

Your privacy policy must address the required topics. These include:

  • What personal information you collect.
  • How you collect the personal information.
  • The purposes for which you use and disclose it.
  • If you provide personal information to parties overseas you need to disclose that and, if practicable, specify the countries where those parties are located.
  • Setting out how you secure and store personal information.

 

Systems

Establish a system to ensure that:

  • Staff who handle personal information comply with the new privacy laws.
  • Individuals can access their personal information and correct out of date or incorrect information.
  • You have a process to deal with complaints about your compliance with the laws.
  • Enables recipients of direct marketing material to unsubscribe.

Conclusion

You should review your business policies and procedures and identify how you deal with personal information. Following the review you should get your privacy policy in order and have procedures and systems to comply with the new law.

If you need more information or if you need assistance or advice on how to proceed please call us on 1800 640 509 or email mail@sajenlegal.com.au.


You may also be interested in:

‘Piggybacking’ under the Subcontractors’ Charges Act 1974

The Subcontractors’ Charges Act 1974 (Qld) (Act) is a powerful piece of legislation that can be used to protect the interests of subcontractors as against higher-tier contactors. Despite this, the Act has a number of strict requirements as to how and when its protections can be used. Many entities misunderstand these requirements and subsequently lose continue reading

read more

Directors’ Responsibilities – what are they?

A company is an association incorporated under the Corporations Act 2001 (Cth) (the ‘Act’). The effect of incorporation gives the company a separate entity, distinct from its directors and shareholders. It can enter into contracts, sue and be sued in its individual right. The Australian Investment and Securities Commission (ASIC) is the Government body authorised continue reading

read more

Corporate Governance – what is it?

In recent times the term corporate governance, and the increasingly popular good corporate governance, appear to be regular topics of discussion both in the media and the general population. These terms are regularly used when considering the actions of a wide range of companies from very small local companies through to global organisations such as continue reading

read more

Liability Limited by a scheme approved under professional standards legislation | Website by VA