Privacy rights: The government is beefing them up, and if you turn over more than $3 million a year, you need to be ready
In 2012, the Gillard government passed no fewer than 250 pages' worth of amendments to the Privacy Act.
Most of these come into effect in March 2014, and if your business turns over more than $3 million a year, you better be ready.
The changes are quite significant, David Smith, a partner at Corrs Chambers Westgarth, recently told SmartCompany: “It’s a far higher bar than what existed previously.”
From March, all businesses with turnover of over $3 million will have to publish a freely available privacy policy, which must contain:
- The kinds of personal information your business collects
- How you collect that information
- The purposes for which you collect, hold, use and disclose that information
- How individuals can access the personal information you hold on them and seek to correct that information
- How individuals can complain to you about a breach of the Australian Privacy Principles, and how you will deal with complaints
- Whether you are likely to disclose information to overseas recipients, and if so, in which countries those recipients are likely to be based
Businesses using overseas data centres will have to make sure those data centres comply with the Australian Privacy Principles.
There are hefty fines for businesses that fall foul of the new rules: up to $1.7 million for repeated or serious breaches of the act. It’s a significant increase to the powers of the Privacy Commissioner, says Justin Cudmore, a partner at Marque Lawyers.
“Under the current act, the Commissioner has little ability to do anything to enforce the privacy laws,” he says.
“As a result of the changes, the Commissioner will be able to seek civil penalties for privacy breaches (i.e. make you pay up to $340,000 for individuals and $1.7 million for companies), and accept enforceable undertakings (meaning you promise to do something regarding privacy, and if you break that promise you could be required to pay compensation).
“The Commissioner will also have much broader powers to investigate suspected privacy breaches. To date, he has generally only investigated where there has been a serious complaint or a lot of media attention.”
The changes also apply to marketing materials. Under the Spam Act, you have to give people easily accessible ways to unsubscribe from mailing lists. However, the Privacy Act changes will also place new restrictions on direct marketing materials sent in the mail, requiring you to maintain a simple mechanism by which people can opt out of further marketing, and to include a statement on your marketing saying how they can do so.
Two exceptions to the act continue to apply: employees will not have the same rights to access their data, nor will corporate bodies have a right to access information you might keep about their company.