By Martin Quinn (Principal Consultant) 20 January 2014
Many businesses may not be aware of the imminent changes regarding the Australian Privacy Principles (APP) and how they affect their business. Previously these principles were known as the National Privacy Principles (NPP), and as of 12 March 2014, the amended principles will be enforceable by the Office of the Australian Information Commissioner.
The NPP previously covered 10 principles, the new Australian Privacy Principles have been expanded to cover 13 principles. Under the new changes, a number of APPs are significantly different, for example Australian Privacy Principle 7 on the use of personal information for direct marketing and Australian Privacy Principle 8 on cross-border disclosure of personal information.
The Australian Information Commissioner (the Information Commissioner) will also have enhanced powers, which include the ability to:
- enforce undertakings
- seek civil penalties in the case of serious or repeated breaches of privacy
- conduct assessments of privacy performance for both Australian government agencies and businesses.
You can understand that the playing field has changed significantly. But the main questions are how does this affect me? Business need to ask themselves the following questions and be able to adequately answer them through documentation and processes:
Answer: Only collect information you need, Ensure that individuals know what you collect and why.
2) Do you currently have any procedures for handling this type of information? Do you know what to do in the event of a complaint?
3) Do you collect sensitive data that requires higher protection than other sensitive data?
Answer: Document and Tell people how you are going to handle the personal information you collect about them. Make sure individuals, if they want to, can access their personal information.
4) Do you receive unsolicited personal information? How do you deal with it?
5) What purpose do you disclose personal information?
6) Do you use personal information for direct marketing purposes?
7) Does your business utilise government identifiers? Are you permitted to use these identifiers?
Answer: Think before disclosing personal information. Make sure you understand what you can and cannot disclose.
8) Does your business reconcile the personal information to ensure it is up to date, complete and accurate? How does your business make corrections to personal information if need be?
Answer: Keep personal information accurate and up to date.
9) Has your business taken measures to ensure that personal information is protected? And how do you destroy the information when it is no longer needed?
10) Does any personal information leave our borders? Do you have arrangements with the recipients on how they deal with this information?
Answer: Keep personal information secure. Don’t keep information you no longer need or that you no longer have to retain
As you can see there is a lot to think about and implement in a relatively short period of time. If your business needs help to understand the 13 Australian Privacy Pricipless or needs to overhaul your current processes and policies contact Intact Security today, for an obligation free quote on (02) 8070 0083
Relax. Your security is Intact.
Author: Intact Security