Key Takeaways
- Audit your business privacy practices.
- Be aware that non-compliance with the Privacy Act carries significant reputation and financial risks.
- Consider whether your business treats your clients’ and/or customers’ personal information in a transparent, accountable, and secure way.
It’s Privacy Awareness Week (6-12 May 2024), which makes NOW a great time for businesses to review their privacy practices.
The theme for PAW 2024 is “Power Up Your Privacy”.
In line with this theme, the Office of the Australian Information Commissioner (OAIC) is urging businesses to:
- be transparent about how they handle personal information;
- be accountable for how they treat personal information; and
- securely hold personal information.
The Australian Privacy Commissioner, Carly Kind, has said “while individuals can all do our bit by having sound personal data practices, the biggest onus is on businesses and other organisations that hold data to make the right decisions to adequately protect and respect it, and not collect or keep what is not needed.”
What happens if you don’t comply?
It is critically important that businesses covered by the Privacy Act 1988 (Cth) (the Act) comply with the Act, including all Australian Privacy Principles. Breach of the Act can incur significant financial penalties (potentially $50 million or more in fines) and reputational loss.
If your business is covered by the Act (for example, if it provides health services, or has an annual turnover of more than $3 million), PAW is a great opportunity to consider whether you are complying with best principle privacy practices.
What should businesses consider?
Key privacy awareness action items to consider include:
- Seek informed consent before collecting personal information;
- Have an up-to-date and accurate privacy policy;
- Ensure good housekeeping measures are in place so that unnecessary personal data is not being collected or stored;
- Have a plan in place in the event of a data breach, including a plan to report that breach to the OAIC if required;
- Train staff appropriately on cybersecurity and privacy issues;
- Have systems in place to guard against bad actors and human error; and
- Ensure any outsourcing of personal information handling to third parties is managed with care.
Businesses can visit https://paw.gov.au/ to learn more about Privacy Awareness Week and access OAIC resources.
Hillhouse Legal Partners can help you with questions relating to the treatment of personal or sensitive information, the preparation of a privacy policy, or, if you have experienced a data breach, how to manage it.
Contact Craig Hong or John Davies to discuss your situation further.
The information in this blog is intended only to provide a general overview and has not been prepared with a view to any particular situation or set of circumstances. It is not intended to be comprehensive nor does it constitute legal advice. While we attempt to ensure the information is current and accurate we do not guarantee its currency and accuracy. You should seek legal or other professional advice before acting or relying on any of the information in this blog as it may not be appropriate for your individual circumstances.