Privacy law reforms: what you need to do

As the 12 March 2014 commencement date for the Privacy Act amendments approaches, it is important for every business (unless it is a “small business”) to put a privacy review project in place.

What do you need to do?

  • Review your policies, notices and consents
  • Adopt a timetable which allows for printing and IT changes

You will need to change your privacy policy to:

  • include details of how a person can seek access to their personal information and correction of the information;
  • explain how a person can complain about a breach of the APPs and how you will deal with privacy complaints;
  • specify if you are likely to disclose personal information to recipients overseas and, if so, the countries in which such recipients are likely to be located; and
  • remove references to “NPPs”.

You will need to provide more information to individuals when you collect their personal information:

  • if you are likely to disclose their personal information to recipients overseas and, if so, the countries in which such recipients are likely to be located;
  • that your privacy policy includes details of how to seek access to their personal information and correction of the information; and
  • that your privacy policy includes details of how to complain about a breach of the APPs and how you will deal with privacy complaints.

You will also need to implement a privacy compliance program that:

  • ensures your organisation complies with the APPs;
  • enables your organisation to deal with inquiries or complaints about compliance with the APPs; and
  • establishes procedures to identify and manage privacy risks and compliance issues.

Change your direct marketing practices, for materials sent in hard copy and via social media, to provide a mechanism allowing individuals to “opt out” of further direct marketing:

  • include a statement that a request to “opt out” can be made;
  • obtain an individual’s consent before using their sensitive information for direct marketing; and
  • maintain details of the source of the personal information you use for direct marketing.

Review your current arrangements for offshore data storage or processing:

  • Draft new standard offshore outsourcing terms
  • Review storage and security
  • Train your staff

Credit: review your commercial and consumer credit applications and credit check and default reporting procedures.

The OAIC has not yet authorised a Credit Reporting Code of Conduct.

The OAIC has published an APP Checklist.

 
