
Is your business ready for the new Privacy Act changes?


This presentation provides Australian business owners with an overview of the recent amendments to the Privacy Act. These new changes will greatly impact all businesses so it's important to be prepared and ready.


  1. Is your business ready? The New Privacy Act Changes (2014). June, 2014
  2. Legal Disclaimer: This presentation is offered for general information purposes only. It does not constitute specific legal advice or opinion. You should not act or rely upon any of the information contained within this seminar without seeking the advice of a qualified solicitor who specialises in the particular area of expertise and jurisdiction that you require.
  3. Introduction: If your business:
       • is engaged in direct marketing;
       • is thinking about a move to cloud-based IT services; or
       • collects, stores and discloses personal information to third parties,
     you need to be aware of recent amendments to the Privacy Act 1988.
  4. Introduction: Effective 12th March 2014, the changes came into force as a result of the Privacy Amendment (Enhancing Privacy Protection) Act 2012. These changes apply to:
       • all Government agencies;
       • most private organisations, including partnerships, trusts, individuals, body corporates; and
       • unincorporated associations.
  5. Introduction: If your business has an annual turnover of more than $3 million or is a health service provider, the Privacy Act applies. Many small businesses also have to comply, particularly those that collect personal information (other than their own employees' information).
  6. Introduction: Applicable organisations and Government agencies will now need to ensure they have a compliant privacy policy that is in line with these new changes, including any related operational policies, procedures and collection statements.
  7. What are the major changes to the Privacy Act?
  8. 1. Privacy Commissioner Powers: The Privacy Commissioner now has increased powers that include the ability to seek a penalty of up to $1.7 million for a repeated or serious breach of privacy laws. Timothy Pilgrim, Federal Privacy Commissioner.
  9. 2. Data Management Obligations: New Australian Privacy Principles (APPs) are now in place that affect how/when personal information can be collected and how that information can be passed on to third parties. This includes:
       • when consent to collect personal data is required;
       • the rights of individuals to access, correct and delete their own personal information once it has been collected; and
       • how these individuals can lodge complaints about any interferences with their privacy and resolve these issues.
  10. 3. Stricter Penalty Scheme: The Privacy Act now has a much stricter compliance and penalty regime that specifically impacts how organisations collect and retain personal information, engage in direct marketing practices, utilise cloud-based services and disclose personal information to entities outside of Australia.
  11. 4. Complete Transparency: The new APPs have been put in place to ensure organisations and agencies are completely open and transparent about the way they collect, retain and use personal information.
  12. 5. Credit Reporting Obligations: The Office of the Australian Commissioner (Privacy Commissioner) has introduced a new credit-reporting code with a move towards more comprehensive credit reporting accompanied by enhanced privacy protections relating to notification, data quality, access and correction, and complaints. To maintain compliance, your privacy policy should deal specifically with how personal information used in credit reporting is collected, stored, used and disclosed.
  13. What should businesses do to reduce risk?
  14. 1. Clarification of Personal Information: Organisations and agencies will need to determine which of the information they collect and hold is actually "personal information". Personal information is defined as being: "Information or an opinion about an identified individual, or an individual who is reasonably identifiable: (a) whether the information or opinion is true or not; and (b) whether the information or opinion is recorded in a material form or not".
  15. 2. Update All Relevant Documentation: Businesses will need to update their policies, procedures and statements to reflect the changes. The privacy policy should be updated first as it is usually public and available online.
  16. 2. Update All Relevant Documentation: All documentation should now refer directly to the new APPs, not the old National Privacy Principles. It should also state the ways in which an individual can complain about privacy breaches and how those complaints will be dealt with and resolved. Finally, it should disclose, transparently, if and how the individual's personal information is going to be disclosed to any third parties and/or overseas recipients (including any intended countries).
  17. 2. Update All Relevant Documentation: As most privacy policies are considered to be too long and difficult to read, we recommend that all external documentation be clear, concise, readable and presented in plain English.
  18. 2. Update All Relevant Documentation: In fact, in the last review by the Privacy Commissioner, it was found that none of the privacy policies reviewed met the Commissioner's preferred reading age level of 14. This is why we recommend avoiding legal terms, jargon and in-house/industry terms.
  19. 3. Prepare Internal Privacy Compliance Guide: This guide is an internal document that details:
       a) An introduction and summary about privacy laws and why those laws are applicable and important to the business;
       b) Rules for collecting, storing, using and disclosing personal information;
       c) Procedures for handling complaints from individuals and resolving those complaints;
  20. 3. Prepare Internal Privacy Compliance Guide: This guide is an internal document that details:
       d) Steps to take when faced with a decision that relates to collection, storage, use and disclosure of personal information, for example, when faced with entering into an agreement with an overseas partner; and
       e) Details about who is responsible for privacy compliance, including contact details for external providers or recipients.
  21. 4. Training Compliance Program: Preparing a compliance guide is the first step to initiating a compliance program. A privacy compliance program involves educating and training the staff responsible for collecting, storing, using and/or disclosing personal information. It also involves ensuring security systems are in place to protect the integrity of personal information.
  22. 5. Testing & Audits: Once the documentation is up-to-date and the compliance program has been established, organisations and agencies should test out their procedures by conducting an audit. The procedures used to collect, store, use, disclose and protect personal information all need to be tested properly to ensure they are fully compliant. The goal of such an audit is to identify problem areas that will need to be later rectified.
  23. 5. Testing & Audits: Online business transactions, internet banking and global data dissemination are all on the rise, so make sure your business is ready to keep pace with the new privacy laws. You can visit the Office of the Australian Information Commissioner for more information (www.oaic.gov.au).
  24. Turnbull Hill Lawyers, Contact Us: If you have any further questions about privacy or you'd like to discuss a related matter, please contact our Business Law team. We will endeavour to respond to your enquiry within 24 hours.