Monday, February 17, 2014
Beginning 12 March 2014, new government regulations designed to protect the privacy of individuals will go into effect.
These laws apply to any business with annual revenues in excess of $3 million that collects personal data about a customer. The actual phrasing of the section concerning the collection of personal data is, "information or an opinion about an identifiable individual, or an individual who is reasonably identifiable."
Thirteen Australian Privacy Principles (APPs), additional to those already in effect, set out specific guidelines about how businesses that are subject to the regulations can achieve compliance.
For the most part, these APPs are the sort of things businesses of all sizes, not simply those to which the regulations apply, routinely do in order to maintain commercial relationships with their customers. From March, however, they will have the weight of law behind them.
Violation of the principles could carry penalties in the form of fines of up to $1.7 million in the case of a privacy breach by a company. Individuals could be subject to a maximum fine of $340,000.
One of the key elements of the APPs is that companies must make a sincere and legitimate effort to inform clients and potential clients that private information is indeed being collected and the purpose for collecting that information. Companies must provide notice of the intent to collect information at the point that private data collection begins.
Another important provision for consumers is the simple ability to opt out of having data collected that would or could be used for direct marketing.
Significant provisions of the new APPs include a prohibition on the collection of "sensitive" information, such as any that would relate to race, religious preferences or health, and a requirement for companies to delete information that was not requested from the customer or potential customer.