The Privacy Act is not some obscure piece of government legislation you can ignore. It carries serious consequences (hefty fines, in other words) for businesses that fail to fulfil their obligations. So you need to understand what the Privacy Act is about, what your responsibilities are, and what risks you are carrying. The Australian Government takes the Privacy Act very seriously, and to drive that point home, it recently increased the maximum fine you could pay for a breach. Individuals are now looking at a fine of up to $420,000 for violating the Privacy Act. Can your business afford that?
What is the Privacy Act?
The Privacy Act is an Australian law that regulates how we handle personal information about individuals. It is made up of thirteen principles that apply to private organisations as well as government agencies. Personal information is information or an opinion, whether true or not, about an identified individual. It could be something as small as the individual's name or a comment about that person, or it could be their signature, medical records or bank details.
What is the Notifiable Data Breaches Scheme?
No doubt by now you have heard of the newest addition to the Privacy Act: the Notifiable Data Breaches Scheme. The NDBS outlines your requirements and obligations for responding to a data breach.
The NDBS requires eligible organisations to notify both the Australian Information Commissioner and the individuals whose personal information is involved in a data breach that is likely to result in serious harm. Failure to comply with the scheme can result in a fine of up to $2.1m for companies!
How do I comply with the Privacy Act?
An astounding number of business directors and owners seem totally oblivious to their obligations here. As mentioned above, failure to meet these obligations could leave you with a fine of up to $2.1m. If you are not looking to fork out that amount, let's look at what you need to do:
Audit and Evaluate Your Cyber Security
You can do this yourself, or engage an IT specialist to audit your cyber security environment. The Privacy Act requires that you take reasonable precautions to secure the personal information in your safekeeping, which means your cyber security measures need to be up to scratch. You can perform a self-evaluation with our Cyber Security Audit Checklist to start.
Educate Your Team
First of all, ensure your team understands that individuals can be held liable for breaches and that prevention is in their hands. Then educate your team on the Notifiable Data Breaches Scheme and the Privacy Act, and teach them about cyber security within your business. Many data breaches occur through human error, and those are easily preventable with some common sense and good cyber security practice.
Follow the OAIC Guidelines
Luckily for you and your business, the Office of the Australian Information Commissioner has a detailed privacy management plan you can use. It helps you identify and outline your privacy management goals, and assists you in implementing them. Use this template to get your business compliant, or if you are unable to, hire someone who can do it for you.
Above all, you need to be critically aware of how the Privacy Act and the NDBS are relevant to you and your business. Keep in mind that heavy fines go hand in hand with failing to comply with these laws, and that you also risk losing your reputation, your revenue and your business. Inform yourself and your team, and protect your business.