Australian businesses are subject to stringent obligations of compliance under the Privacy Act 1988 (Cth) (‘the Act’). From 23 February of this year, all Australian businesses have a statutory obligation to report any data breach involving personal information to the Australian Information Commissioner (“the Commissioner”). It is important to know your obligations under the Act and to have a clear plan of action in the event of a privacy breach.
If your business has a turnover of more than $3 million, it will be subject to the obligations and requirements under the Act. Amongst other things, the Act prescribes that the business must collect and store private information in specified ways. If your business does not comply, it may be investigated by the Commissioner and ultimately it could face civil penalties of up to $360,000 for an individual and $1,800,000 for a company.
Schedule one of the Privacy Act outlines how an organisation must handle, use and manage personal information. It sets out thirteen Australian Privacy Principles, including principles about:
- Providing an individual with the option of transacting anonymously or by using a pseudonym;
- The collection of solicited personal information, including giving clients notice about the collection of that information;
- How the organisation can use the client’s personal information and full disclosure of that use to the client;
- Keeping the client’s personal information secure, and the rights of the client to access and correct their personal information.
Burke & Associates Lawyers can assist you with further advice on these matters. Please contact Meghan Warren to discuss further.