Changes recently introduced mean that businesses that deal with an individual’s personal information in any way must take steps to comply with the new privacy legislation. There are penalties of up to $1.7 million for breaches by corporations and up to $340,000 for breaches by individuals. ‘Personal information’ is defined broadly and includes information such as names, addresses, financial information, sensitive information (e.g. health, religion, etc.), email addresses or any other ‘information about an identified individual, or an individual who is reasonably identifiable’. The amendments will apply to any business that has an annual turnover of more than $3 million (and may also apply to others).
If your business is caught by the changes, in order to comply you must:
- Only collect personal information for permitted reasons
- Deal with the personal information in accordance with the new principles
- Notify individuals of certain privacy matters before collecting personal information
- Follow strict procedures for dealing with unsolicited information (there is a prohibition on using personal information for direct marketing purposes unless you satisfy an exception)
- Take steps before you disclose information to overseas recipients (e.g. through outsourcing or cloud computing) to ensure they do not breach the privacy principles.
The penalties that can apply to breaches are severe.
The credit reporting provisions have also been comprehensively revised and include similar requirements to those in the privacy principles. Any business that issues invoices with deferred payment terms of 7 days or more will be subject to these rules. Credit providers will also be able to access further information when assessing an individual’s creditworthiness.
If you need more information on the changes, please contact one of our team members on 07 3394 2311.