Create a free account, or log in

Privacy Act changes: What SMEs must know

The naysayers There are some major concerns about the impending Privacy Law reforms. The Australian Privacy Foundation has voiced significant concerns about the bill and recommends it be defeated or withdrawn. In its current form, it is a backward step in Australia’s privacy protection, it says. The Australian Direct Marketing Association (ADMA) also has concerns […]
Nina Hendy
Nina Hendy

The naysayers

There are some major concerns about the impending Privacy Law reforms.

The Australian Privacy Foundation has voiced significant concerns about the bill and recommends it be defeated or withdrawn. In its current form, it is a backward step in Australia’s privacy protection, it says.

The Australian Direct Marketing Association (ADMA) also has concerns about proposed changes.

ADMA CEO Jodie Sangster says the changes will restrict the way businesses can communicate with their customers through traditional marketing channels as well as digital channels such as online and social media.

“We will be the only country in the world with such a restriction, which will place Australian businesses and consumers at a distinct advantage,” Sangster says.

ADMA is also concerned that the new law includes a provision that states that direct marketing is prohibited, which is completely misleading given direct marketing is still permitted under the new law, but within certain confines.

“The statement that direct marketing is prohibited is going to lead to consumer confusion given that consumers are going to continue to receive direct marketing from companies. This will lead to an increase in complaints,” Sangster says.

A good solution would be to require companies to include opt-out mechanisms in their privacy policies, which should be accessible via a company website.

“This would ensure the consumer always knows where to go to express their preferences. It would also set a clear industry standard that all companies can adhere to,” she says.

How to remain protected

Direct marketers and any companies that hold large amounts of customer data should conduct a thorough audit of their privacy policies and processes, Deady says.

While the bill is being considered, businesses should conduct an evaluation of their data security and privacy practices, he says.

“Businesses are often caught out breaching privacy despite their best intentions. If a company is unlucky enough to breach privacy in the near future, it could have substantial financial consequences,” Deady says.

Pilgrim also highlights the importance of conducting a Privacy Impact Assessment (PIA) when commencing new projects.

“Build your privacy in at the beginning; don’t bolt it on as an afterthought,” he says.

“All businesses should conduct a PIA to make sure that potential privacy risks are considered at the start of any project and that risk mitigation strategies are put in place.”

What is a Privacy Impact Assessment?

A PIA is an assessment tool to help businesses manage privacy impacts. It can help identify when personal information collection may be unnecessary, or when a project has poor accountability or oversight processes.

While the Privacy Act does not refer to PIAs or require organisations to complete one, it is in an organisation’s best interests to complete one for any projects that handle personal information.

Analysing privacy impacts during a project’s design phase enables a business to manage negative privacy impacts and avoid costly or embarrassing privacy mistakes.

For more information click here.

Six key areas of the privacy reforms:

  • Clearer and tighter regulation of the use of personal information for direct marketing.
  • Extending privacy protections to unsolicited information.
  • Making it easier for consumers to access and correct information held about them.
  • Tightening the rules on sending personal information outside Australia.
  • A higher standard of protection over sensitive information, including health related data, DNA and biometric data.
  • Greater power to the Privacy Commissioner to resolve complaints, conduct investigations and promote privacy compliance.

Source: Federal Government

This article first appeared on StartupSmart.