Australia is no exception when it comes to privacy law. The trend towards better protection of an individual's personal information, as well as of the employees who process such information, is paramount to work safety laws as well. The need for privacy will keep growing in the coming years, and privacy compliance will be largely important for private enterprises in Australia.
The expected changes to the legislation will take place in March 2014 and will give the Privacy Commissioner of Australia much greater powers to rule out certain policies in dealing with confidential issues. This includes the ability to seek civil penalties of up to $1.7 million for a serious breach of the Privacy Law. The Commissioner will also be endowed with the power to act on his "own motion" investigations.
The Privacy Commissioner said, "I will not be taking a ‘softly softly’ approach," which emphasised the intention behind the reforms. Various government agencies will be required to comply with higher privacy requirements.
Policies to bridge the compliance gaps under the new changes are required, along with methods to address those gaps efficiently and minimise employee safety risks. Changes that must be made to existing business practices include:
- What you say to someone when you gather personal information about them.
- What you indicate in your privacy policy.
- How you practice direct marketing.
- How you maintain privacy education and enforce compliance within your organisation.
- The contractual terms under which you disclose personal information outside Australia (to an IT services provider).
The starting point of the entire process is conducting a privacy audit within the organisation. The audit should determine gaps between the existing practice and the new privacy requirements. The changes in the legislation should also cover the Spam Act since it's closely related to privacy law.
The privacy audit depends on the privacy and spam law expertise of in-house legal professionals, whether the audit is handled internally or with third-party assistance from an external legal firm.
The audit initiative must also involve the Marketing and Human Resources departments as well as senior management from IT. They will be tasked to safeguard the types of personal information collected, how it's collected and utilised, to whom it's disclosed and how it's stored. Important documents relating to the collection and handling of personal information should be strictly followed, including softcopy forms on the internet where consumers can participate in your mailing list and contracts with third-party IT services providers.
The goal is to identify critical areas where current work safety privacy practice does not meet the standards mandated under the legislation. The safety officer in charge can train internal stakeholders like Legal, HR, IT and Marketing. The result of the privacy audit will be a list of actionable items that need to be addressed before March 2014. This list can be worked through to bridge the gap in compliance measures.