Unwary businesses risk copping tough new penalties if they don’t improve data collection, storage and management processes before next month, according to a technology expert.
Aaron Greenman, Director, IT Security & Privacy at Protiviti, says that the Privacy Commissioner will not shy away from using his new powers and come 12 March, companies should not expect a ‘softly, softly’ approach to enforcement.
The 13 Australian Privacy Principles (APPs) will significantly raise the bar on how businesses and federal government agencies collect, store and handle individuals’ personal information. The Office of the Australian Information Commissioner will able to levy penalties of up to $1.7 million and impose enforceable undertakings against non-compliant organisations once the new legislation comes into force.
“For the first time under Australian information privacy law, organisations have an express obligation to take positive steps to adopt practices and systems to protect personal data in accordance with the APPs,” said Greenman.
“Organisations will be saddled with a raft of new responsibilities including ensuring they have processes to deal with privacy complaints, making sure they are accountable for personal information disclosed to overseas parties, establishing security measures to prevent information breaches, and many more.”
He added that while government departments are generally well-prepared, Protiviti's experience has shown that the majority of corporates are not. Greenman recommends that companies take immediate steps to become APP-compliant.
“With the rise of online technologies and social media, community concerns about how organisations use or misuse private information are at an all-time high. Today, privacy is an issue that if done well, builds deep bonds of community trust and customer loyalty,” said Greenman.
“But on the flipside, when things go horribly wrong such as when a major security breach occurs, the public backlash and negative publicity can inflict long-lasting damage to corporate reputations and see customers deserting a company for a very long time”.
For more on the cyber risk and privacy landscape, see issue 3.1 of Insurance Business, arriving on desks early March.