Beginning March 12, 2014, businesses in Australia will be obligated to follow the 13 new Australian Privacy Principles (APPs).
The good news for Aussie enterprises is that while the principles are new to legislators, the concepts are far from new to businesses. In fact, many, if not all, of the outlined principles touch on procedures Australian businesses have been adhering to as best practice for several years—only this time around, the principles will be backed by law.
The new APPs will affect organisations with an annual turnover of $3 million or more, as well as those that collect personal information, defined as “data or an opinion about an identifiable individual, or one who is at least reasonably identifiable.”
The legislation will see the introduction of 13 new APPs that target the manner in which businesses collect, store, and wield customer data and personal information.
The legislation is important because, with several businesses using their marketing strategies to target specific customers—whether by demographic, region, or specific activities—the new rules will likely affect the way in which data is managed when reaching business objectives.
When it comes to Big Data, or the huge volumes of user information kept within the organisation, data management is central to processes within the business, with several companies striving to uphold these measures as part of their best practices.
What this Means
To ensure adherence to the 13 new APPs, businesses by law will now have to:
- Notify customers, consumers, and prospects, at the moment of collection, that their personal information is being collected and stored, through an alert or statement indicating that this activity is taking place. The notification should also let people know what their information will be used for and contain a link to the company’s Privacy Statement.
- Provide individuals, upon data collection, with an option to remain anonymous unless otherwise needed, for instance, when shipping concerns and legal requirements are involved.
- Collect only data that’s necessary and related to the business process
- Use personal information for marketing, but provide an opt-out option
For the most part, Australia’s new privacy laws are within reason and as mentioned earlier, already cover procedures long considered as best-practice. However, we at Enform still believe that some businesses may be in for a shock once they realise just how much work needs to be done to comply with the new policies.
- The new legislation requires businesses to go over their data strategies once more in a comprehensive manner, ensuring that the data they collect is relevant and that they know just what exactly to do with it.
- With the Act setting guidelines not just for data collection but also for disposal, businesses now have to have a proper data management system, one that tracks consumer data through its life-cycle. Fortunately, several tools and services are available for commercial use, with some even taking into account regulatory requirements.
- New guidelines on privacy practices also mean training of staff to keep them updated on these principles and informed on how they affect the organisation. With several departments in a company likely to come into contact with user data, stringent rules must be enacted to avoid violations.
Businesses that fail to comply with the new laws risk incurring fines of up to $1.7 million for a company privacy breach, and $340,000 for individuals.