From 12 March 2014 the way Australian organisations are required to handle
personal information will change significantly. Will your organisation
The Privacy Amendment (Enhancing Privacy Protection) Act 2012 introduces many significant changes to the existing Privacy Act.
This includes a set of thirteen new, harmonised, privacy principles to
regulate the handling of personal information, plus higher penalties for
breaches of privacy. The new laws will apply to Australian Government
agencies, private sector businesses and not-for-profit organisations
covered by the Privacy Act 1988.
While many of the concepts and requirements of the privacy reforms remain the
same, there are some additional protections that relate to the privacy
of individuals. These include restrictions around the use and disclosure
of personal information for direct marketing and an increased emphasis
on the security of personal information. All are designed to protect
personal information from being mishandled. Specific reforms include:
Introduction of the Australian Privacy Principles (APPs) that will
regulate the collection, use, storage and disclosure of personal
information. The APPs replace the Information Privacy Principles (IPPs)
that previously applied to Government agencies and the National Privacy
Principles (NPPs) that previously applied to businesses.
A mandatory obligation to inform individuals how they may complain about a privacy breach.
Civil penalties of up to $340,000 for individuals and $1.7 million for
an agency for serious or repeated breaches of an individual’s privacy.
Greater enforcement powers for the Office of the Australian Information Commissioner.
What do I need to do?
While the reforms do not commence until 12 March 2014, organisations need to start preparing now to ensure they are ready.
your organisation collects, uses, discloses, transfers and stores
client, student or other individual’s information. Review it now and
make any amendments necessary.
2. Ensure your workers receive adequate training
your workers, including volunteers, need to be aware of the privacy
program covers the collection, security and disclosure of personal
3. Evaluate your security measures
The security measures you have in place to protect personal information will need to be reviewed to
ensure they’re up to the task. Measures could include governance, IT security,
physical security, workplace training and policies.
4. Review your insurance cover
Review your insurance cover to ensure it’s adequate for all your operations,
including your online activities. Your public liability policy may
already provide specific cover for privacy claims; however, most provide
very limited cover for internet liability. You may wish to consider
cyber insurance. CCI’s Cyber Insurance can protect you from the fallout of a range of cyber-crime and computer-based activities. Cyber events including computer malware, data breaches, cyber extortion threats and denial of service attacks can all lead to losses and claims being made against you.
The Office of the Australian Information Commissioner has a number of resources which are available from www.oaic.gov.au or by calling 1300 363 992. Privacy Awareness Week is a national event coordinated by the OAIC.
CCI’s Essentials of Privacy e-Learning course, available via Learning Manager, is designed to help clients meet their various privacy obligations.
Learning Manager is currently available to archdioceses, dioceses and congregations. For an
obligation-free demonstration call 1300 660 827 or email firstname.lastname@example.org
If you would like more information about Cyber insurance, speak to your CCI Account Executive, visit www.ccinsurance.org.au or call 1800 011 028.
If you would like further information about the Privacy Law Reform, please contact the risksupport Helpdesk on: