The most significant changes to Australian privacy laws in over twenty-five years came into effect in March. Facing harsher financial penalties for mismanaging personal information, individuals and organisations will be forced to ensure their IT applications comply with the new privacy legislation.
“It’s more important than ever for organisations to validate their system security,” said Kareem Tawansi, CEO of the Solentive Technology Group.
The 13 privacy rules will replace the current credit reporting provisions in the Privacy Act 1988, and were introduced in response to an increase in complaints to the Australian Privacy Commission in the last few years. Australian Privacy Principles (or APPs) will provide people with better access to their own personal information, and control over how it is used.
The new laws create a greater responsibility for Australian Government agencies, private sector businesses and not-for-profit organisations to increase the transparency of how they handle the information they acquire. Actively breaching the new privacy laws will incur penalties from $340,000 for individuals to $1.7 million for companies.
For businesses storing and processing personal information, now is the time to take an in-depth look at existing IT systems, and incorporate privacy and data protection into the specifications and architectures of new system designs.
“Organisations should ensure that they are thinking about privacy and security from the start, and not as an afterthought,” said Tawansi. “They should be thinking about the security of where their data is stored, and they need to ensure their software development provider is handling their data in a manner that is compliant with the new laws,” the CEO explained.
In addition, before an organisation shares personal information with offshore data centres and cloud providers, it must take reasonable steps to ensure these parties do not breach the APPs. Under the new laws, the organisation will be liable for privacy breaches by the third party.
For businesses unsure of whether their existing applications comply with the APPs, Tawansi suggests they engage with an IT professional to conduct an assessment of their system. “Your IT consultant will start with an audit of your existing database to gain an understanding of the information flow within your organisation. Together, you can then assess the impact that has on customer privacy, and adapt your system and privacy procedures from there.”