In March 2014 important reforms to the Privacy Act 1988 (Privacy Act) will come into effect. There will be 13 new privacy principles (APPs) enunciated in the legislation. They replace the existing ten National Privacy Principles (NPPs). Almost all organisations will need to take heed of them. This week is Privacy Awareness Week. A significant focus of the week is promotion of the current and proposed obligations under the Privacy Act. This is a good opportunity to kick start your preparation for the amendments to the Privacy Act.
In essence, most government and private organisations will be required to have in place proper systems to control the collection, accuracy of, storage of, and protection of, personal information. They will also have to delete out dated and redundant information. In addition, they will come under obligations not to share that information without an individual’s consent, particularly not to allow the information to be held by others who are not the subject of principles similar to the 13 privacy principles. This, in turn, has significant impacts on the retention and storage of digital information, particularly where cloud based services are used. Organisations will need to have a proper understanding of how their information is stored, where their information is stored and the method by which that stored information is held protected and confidential. If it involves offshore storage, organisations will need to understand whether the storing party complies with standards equivalent to the APPs.
In addition, organisations will need to have proper processes and plans to deal with situations where there is a breach of their security, either as a result of an internal error or as a result of external malicious attack.
An understanding of the obligations is crucial to ensure that there may be an appropriate response to these obligations. An appropriate response, although likely to involve both cost and time, will be an investment to an organisation, if it is undertaken to improve an organisation’s business processes.