New Australian Privacy Principles law comes into effect soon
Is your business in the retail, insurance, finance, recruitment or healthcare sector? Do you use computers in your business? If you answered yes to these two questions and you are not aware of the new Australian Privacy Principles law that is coming into effect on 12 March 2014, then this may affect you.
These new laws represent the biggest change to privacy law that we have seen in the last 25 years, and the repercussions for you and your business if you are not safeguarding your clients’ personal information can be business ending. Fines of up to $1.7m could be waiting for you if you have a security breach on your IT infrastructure, and the Privacy Commissioner, Tim Pilgrim, has stated very clearly that no more warnings will be issued and no excuses accepted. If you are not doing the right thing and ensuring the security of your clients’ private data, then you will pay the price.
The Australian Privacy Principles are a new set of principles that will cover both the public and private sectors. They include amendments to the Privacy Act 1988, made through the new Privacy Amendment Act 2012, which is about to come into force via the Office of the Australian Information Commissioner (OAIC).
The major change we are about to see is the introduction of the new Australian Privacy Principles regulation, which really changes the way you need to look at your network security. Australian Government agencies have always been covered by the Information Privacy Principles, but now the private sector will also be covered by the new National Privacy Principles.
We have already been working with many of our clients to ensure they are ready for these changes. We start our assessment of their compliance with the new laws by using the Australian Privacy Principles guidelines, which are a key resource in ensuring your compliance. These guidelines are a step-by-step guide to help formulate the practices and procedures needed to ensure compliance. Mr Pilgrim has been quoted as saying “Most of the requirements contained in the Australian Privacy Principles are not new, and business and government should be ready to hit the ground running come March 12.” So you have been warned. Are you sure you meet the requirements?
The businesses we feel are most vulnerable under these new laws are those that have the most valuable private client information stored on their systems and insufficient security to protect that information. This data can be anything from medical records to credit card details, usernames, passwords and much more. We strongly recommend that you talk to us about conducting a review of your data collection and retention policies and practices, as time really is running out and you now have a lot more to lose than in the past.
IT security has always been a very big job for any organisation using computers, but if you start planning and budgeting now for how you are going to mitigate these risks, you will reduce your risk of breaching these new laws and suffering the severe penalties that come with such a breach. You need to start reviewing and testing your compliance with these new laws now. The first step would be to engage Res-Q IT to undertake a privacy audit to ascertain what personal client information is collected, where it is stored, how it is used and, importantly, how it is disposed of. You need to have statements in place that disclose to your clients what data of theirs is gathered and how you intend to use it. You also need to disclose how it will be stored and how it will be disposed of when you have finished with it. Very few privacy statements go this far, so even if you feel you have these things covered, this may no longer be the case.
If you need help understanding what this means for your business, we are always here to help.
What do you need to look out for?
- Wireless security.
- The server you may not recall upgrading in the last 5 years.
- Employee access to sensitive data.
- Data on USB memory sticks.
- Backup routines, and where the backed-up information is stored.
- Cloud storage: are you using SkyDrive/OneDrive or Google Drive?
Running a medical practice?