The new privacy laws
On 12 March 2014, significant changes to Australian Privacy Law came into effect.
Who do the new laws apply to?
Strictly speaking, the current Privacy legislation is only a requirement for businesses with an annual turnover of $3M or more. There are some exemptions to this for businesses such as those involved in health services, advertising and marketing, contracting to the Commonwealth government. You can check if you are exempt.
Your business is more professional and has more credibility when you have a clear privacy practice in place. Privacy compliance is considered best business practice and most customers will appreciate it. It builds trust.
- Banks require it.
- Google Adwords needs it.
- Customers expect it.
- Offshore customer privacy requirements.
If you deal with offshore customers, particularly in the UK or US, you likely need one to comply with their local laws.
- OAIC Website Privacy Sweeps.
The Office of the Australian Information Commission (it’s the Privacy Commissioner) has and will continue to do random sweeps of business websites, and will issue fines to non-compliant websites.
Want more articles like this? Check out the processes section.
In practical terms complying with the Privacy legislation has always meant your policy needs to inform people that you:
- Collect their personal information, what you collect and what you will do with it.
- Only use personal information about people in ways that they might expect.
- Do not pass personal information on without telling people.
- Give people the chance to see any information you hold about them if they ask.
- Keep personal information safe.
- Allow people to easily opt out of any marketing.
- Explain how a person is able to complain about a privacy breach and also how you will deal with any complaint.
- Tell your visitors and customers if you are likely to disclose personal information to overseas recipients and to which countries.
- Ensure you have specific details about what information you collect and how you use it.
- Include a statement confirming individuals can ‘opt out’ of further direct marketing.
- Add specific ‘opt outs’ on all communications (not just marketing).
- It is prudent to include a Cookies notification. If you target the US/UK markets, it’s already a requirement.