The new privacy regime

As a business owner, you need to be ready for the significant amendments to the Privacy Act 1988 (Cth) (“the Act”) that come into effect on 12 March 2014 and that could impact your business.

Business First - by Daniel Kovacs

These changes may mean that your privacy policies and procedures need a radical overhaul, or you may face very substantial fines.

Personal information

The new Australian Privacy Principles (APPs) must be complied with if your business collects, uses, stores or receives personal information about individuals. Personal information has a broad meaning and includes information or opinions about an individual whose identity is apparent from the information or opinion supplied.

It includes information such as customer records, names, email addresses, dates of birth, as well as more sensitive information.

Previously it may have been enough to make sure that no breaches of privacy were committed by your business. The new regime now, in most cases, requires your business to have and implement a robust and accessible written privacy policy which addresses the following points:

• the reasons your business collects the information;
• how the information will be collected and used by your business;
• the length of time the information will be held by your business;
• how an individual can access and correct the information;
• how the individual can complain about breaches of privacy; and
• whether the information will be shared with other businesses (located in or outside Australia).

If your business receives information about individuals from another source, you may be responsible for making sure that the individual concerned is aware of that fact.

There are also new provisions about:

• how you can collect, use and disclose personal information;
• your obligations regarding keeping your records accurate and up to date;
• data information security; and
• your ability to disclose personal information overseas.

Providing credit

A wide range of businesses will now be caught by the credit provider requirements which apply more broadly than to traditional credit providers (such as banks and financiers).

You will be considered a credit provider and have to comply with the onerous credit provider obligations (including providing detailed information about the kinds of credit checks you may perform and how you may access and disclose the personal information of those seeking credit) if your business provides customers with more than seven days credit.

Credit providers will therefore need to update the following:

• standard terms and conditions if goods or services are purchased on delayed payment terms;
• credit application documentation;
• privacy statements; and
• any arrangements with credit reporting agencies.

Direct marketing

The new regime also covers the use of personal information for direct marketing.

The use of an individual’s personal information (including, for example, their home address to send advertising) may now require the consent of the individual.

These obligations are additional to the requirements under Spam and the Do Not Call Register legislation.

Penalties

What happens if you do not comply with these new requirements? Fines of up to $1.7 million may be imposed for breaches by companies. Individuals may be fined up to $340,000 for a breach.

What you should do now

You should seek legal advice to develop a privacy policy that complies with the amended laws, if your business does not have a privacy policy. If you already have a policy, you should seek legal advice to find out if your privacy policies and procedures are adequate to comply with the new regime.

Daniel Kovacs is a Special Counsel at Kliger Partners, specialising in Intellectual Property, IT and e-commerce law. Kligers.com.au
