TICK, TOCK… On Thursday, 22 February 2018 the law will change so that businesses and organisations bound by the Privacy Act 1988 (Cth) will be obliged to report to the Privacy Commissioner, as well as to affected individuals, if personal information they hold is the subject of unauthorised access, unauthorised disclosure or loss.
Personal information includes names, email addresses, physical addresses and any other information or opinion about an individual who is reasonably identifiable.
Many organisations and businesses are yet to implement a strong privacy framework to ensure compliance with privacy legislation. Last month the Australian Financial Review quipped that businesses are “woefully unprepared” for the incoming changes.
What can you do?
All organisations and businesses should prioritise their privacy compliance, and ensure they can answer the following questions favourably:
- Is your business or organisation required to comply with the Privacy Act 1988?
- Does your business or organisation use compliant collection notices when collecting personal information?
- Does your business or organisation know what to do if a data breach occurs?
- Does your business or organisation have a compliant data breach response plan in place?
- Who holds or has access to the personal information held by your business or organisation?
- What type of personal information does your business or organisation hold?
- Has your business or organisation completed a privacy impact assessment for your latest project?
- What routine steps does your business or organisation take to ensure data security is working effectively?
If you are unsure of the answer to any of the above questions, please contact our office today to discuss how we can assist you to develop a sound privacy governance framework.