Privacy- Do You Know What the New Changes Are?

privacy-concept-cctv-camera-digital-background-screen-icon-d-render-33792378.jpg

There are new amendments to the Privacy Act 1988 that will take effect in March 2014. Though that might seem like a long way away, it's absolutely essential that organisations begin preparing themselves and their business procedures for compliancy now. This is especially important in light of the enhanced powers that the Information Officer will have to discipline organisations that do not adhere to the law. Rest assured that Certex, in conjunction with our sister company Service Excellence Consulting (SEC), will highlight the possible capacities for breach and consequences of breach in more detail in our forthcoming newsletters.

So what's changed?

Well according to the Office of the Australian Information Commissioner (OAIC), the Amendment Act includes a set of "new, harmonised, privacy principles that will regulate the handling of personal information by both Australian government agencies and businesses." These privacy principles will be known as APPs (Australian Privacy Principles) and they set out the standards, rights and obligations in relation to handling, holding, accessing and correcting personal information. There are 13 new APPs in total, including two new principles, and they are be structured to capture the 'lifecycle' of personal information- from consideration and collection to access and correction of personal information. Thus, they govern a range of areas including direct marketing and cross border disclosure. Our lengthy involvement in the recruitment industry has shown us the reality: current practices in the majority of agencies will fall short of the new legislation- far short. Privacy is a delicate and multifaceted issue: it interplays with many pieces of legislation as well as with many different levels in a business. Most agencies think that they have a good understanding of privacy requirements, but the reality is that there are many gaps in understanding and implementation, and some of these are quite serious. The Privacy Best Practice program is an initiative of ITCRA ( Information Technology Contract & Recruitment Association) to assist Australian businesses to prepare for these changes. The program is a unique combination of a training workshop and a review of records which will be conducted at your office, providing the opportunity for many of your staff to attend. The workshop will provide information on the changes in the Privacy Act amendments and implications for recruitment agency. The records review will identify areas in your business of real and potential risk of non-compliance against the new requirements. The findings are presented to you in a report so you can work through and take action to correct the problems. We are also arranging half day workshops in each capital city. Currently, they are proposed for: Melbourne - Wednesday 30th October 2013; Perth - Friday 22nd November 2013. We understand your business- our consultants all have many years of experience, particularly in the recruitment industry, and are qualified auditors who have been trained in privacy by Andrew Wood, barrister on the Tasmanian Bar and expert in privacy and related employment matters. It would not be wise to assume that there is nothing you need to do to prepare for the new legislation. The OAIC has made it clear they will be using their new powers to conduct privacy audits). The recruitment industry is one of a small number of industries which deals with significant amounts of personal information for individuals who are not employees. (There are a number of exemptions for employees under the Privacy Act). Recently a large organisation was found to have breached national privacy when it left a database of about 740,000 customer records, in some cases containing usernames, password, email addresses and more, exposed on the web. There was little the commissioner could do except name and shame. However, under the new laws the commissioner could apply to the Federal Court to levy fines of up to $220,000 against individuals and $1.7m against companies for "repeated and serious" privacy breaches (Source). National and state legislation is constantly updating and it's simply assumed that you'll be aware and compliant with all of the changes as they come. Ignorance of the law is, as strange as it might sometimes seem, just not an excuse anymore. But why be ignorant at all? Send us an expression of your interest in these workshops and we will arrange a time to speak with you. Contact us to register interest and for more details.

Alicja Gibert