Privacy – new obligations – is your company ready?
Significant changes to Australian privacy law will take effect in March 2014. In this Focus Paper, we take a look at what these reforms mean for your company.
A new set of mandatory privacy principles, known as the Australian Privacy Principles (or APPs),will combine and replace the National Privacy Principles and the Information Privacy Principles contained in thePrivacy Act 1988 (Cth).
The new APPs apply to all direct selling organisations with a minimum annual turnover of $3 million which must, by 12 March 2014, amongst other matters:
- not use or disclose any information they may hold about an individual for direct marketing, subject to specific exceptions;
- take certain steps before providing an overseas organisation (including related companies) with personal information;
- have in place an adequate scheme allowing access to personal information and a complaint handling process; and
- comply with requirements regarding unsolicited information.
The Privacy Act amendments also give the Australian Privacy Commissioner greater enforcement powers. The Commissioner will be able to apply to a court for a civil penalty order against organisations and individuals for serious and repeated breaches of the Privacy Act. Maximum penalties will be $340,000 (for individuals) and $1.7 million (for companies).
Accordingly, direct selling organisations should become familiar with their obligations under the
Privacy Act and take steps to become compliant.
We have previously addressed some of the key privacy law changes for direct selling companies in our Focus Paper published in March 2013.1
Changes to Privacy Regulation
So how will this impact upon your direct selling company? Set out below in the next paragraph is a summary of those matters which you must consider now to ensure you comply fully by March 2014. A fuller summary is available on request email@example.com.
How might these changes impact on your business?
If you have not already, you should as soon as possible:
- conduct a privacy audit;
- when direct marketing, provide a clear and simple method that allows targeted consumers to opt out;
- keep more detailed, accurate and current records as to how personal information is obtained as individuals will be able to request details of how you obtained their personal information;
- arrange for relevant employees to have privacy training;
- ensure you have complaint handling processes in place;
- nominate a staff member to be the “Privacy Officer” to handle complaints;
- set up a specific email address to which privacy queries and complaints may be sent, such firstname.lastname@example.org”; and
- take steps to ensure appropriate measures are in place where personal information is likely to be sent overseas. Given your company could be liable for any breach by an overseas recipient, you should take steps to ensure that, if personal information is sent overseas, the recipient complies with stringent obligations in connection with the protection of privacy.
Given your company must comply fully by 12 March 2014, you should be taking these steps now.
How can we work together? Please contact me if you have any needs in relation to Intellectual Property or Commercial Corporate law needs.
Sweeny Legal announces its Virtual Lawyer Service Available in Wollongong. Tomorrow’s Lawyer Today.
This Service saves you time, it is convenient, and saves on costs. Alternatively I can come and visit your Office and review your needs.
Please contact me if you need commercial assistance or if you need commercial agreements, either reviewed, gap analysis or drafting, for example, Commercial and IP Agreements, Business Relationship Agreements or License Agreements.
Please contact Sweeny Legal or Brandsworth Licensing should you require any assistance with any Intellectual Property (IP) rights, Commercial Agreements of any type, or IP Business Strategies.