Businesses advised to be vigilant with privacy

By: Graham Gardiner


Businesses are under mounting pressure to comply with the Privacy Act, as individuals seek greater access to rights information, according

Businesses are under mounting pressure to comply with the Privacy Act, as individuals seek greater access to rights information, according to law firm McCullough Robertson.

Emma Weedon, a Senior Associate in McCullough Robertson’s Intellectual Property Group, says businesses need to make privacy a priority.

"As information becomes readily accessible in the age of the internet and other advanced technology, individuals are becoming more and more aware of the ways in which they can protect and maintain the privacy of their personal information," she says.

"The Privacy Act 1988 imposes significant restrictions on the ways in which organisations can deal with personal information they have collected about individuals, and provides consumers with a tool if they feel an organisation has mistreated them, or inappropriately dealt with or disclosed their personal information."

The percentage of businesses that consider Privacy Act compliance important has never been so low, according to Weedon.

In addition, the number of businesses that wrongly believe a website privacy policy is sufficient to cover them has also never been so high.

Weedon says it is an unfortunate perception of businesses that claiming to be "privacy aware" is sufficient.

"In order to be truly compliant, an organisation must comply with the 10 National Privacy Principles (NPPs) in all of its dealings with the personal information of individuals," she says.

"The NPPs broadly cover the way in which organisations collect, use, disclose, secure, update and allow access to personal information about individuals."

Personal information is defined in the Act to be any information that identifies the individual, or from which their identity can reasonably be discovered.

"True compliance with the Privacy Act not only means implementing appropriate documentation and procedures, but ensuring that all relevant members of the organisation are trained in the requirements of the Act and the procedures they must follow in that regard," she says.

Even if a client does not suffer direct damage in the case of non-compliance, they still have the right to make a complaint instigated by the Privacy Commissioner.

Weedon advises that as the cost of compliance is relatively low and penalties can be high, every business should review their existing policies.

"As the Government has, through the proposed reforms, indicated that it is willing to take data protection more seriously, organisations should also consider their current systems for compliance and ensure documentation and procedures are up to date, to not only demonstrate to consumers that their privacy is taken seriously, but to also avoid the time and cost involved in breaches of the Privacy Act," she says.

You can also follow our updates by liking us on Facebook