As of 12 March 2014, Australian businesses will be obliged to adhere to 13 new Australian Privacy Principles (APPs). The principles are new to legislation, but the concepts are not new to Australian businesses.
Many of the principles cover procedures that businesses have been following as best practice for many years. However, from March onwards, these procedures will be enforceable by law.
The APPs will only impact those organisations that have an annual turnover of more than $3 million and collect personal information, defined as “information or an opinion about an identifiable individual, or an individual who is reasonably identifiable”.
The legislation will introduce 13 new APPs which focus on how businesses collect, store and use data and personal information.
With many businesses focusing their marketing on targeting their customers, data and its management play an integral role in delivering these business objectives. With ‘Big Data’ (that is, the large volumes of information within organisations), data management is intrinsic to any business process, and many companies have been working to uphold these best practices.
The legislation formalises this and will compel businesses to review their data strategies from end to end, ensuring that information collected is relevant and they know exactly where and how it is going to be used.
To adhere to the APPs, the must-dos are:
- Make consumers and prospects aware, at the point of collection, that their personal information is being collected. Do this via a notification statement stating why their information is being collected and what it will be used for, with a link to the current Privacy Statement.
- When collecting data, provide individuals with the option to be anonymous unless it is impractical, for example, for delivery purposes, legal requirements, et cetera.
- Only collect what is necessary and what relates to the business function.
- It’s okay to use personal information for direct marketing as long as it includes a simple opt-out process.
- If any of the information is viewed overseas, include a cross-border disclosure statement listing the countries involved.
The important don’ts to take from the new APPs are:
- Don’t keep information you didn’t ask for; destroy information you didn’t ‘solicit’.
- Avoid collecting ‘sensitive’ information, for example, ethnicity, religion, health, et cetera, as consent is required to collect these details and this will make it very messy.
It is important to note that businesses not complying with these new laws could be at risk of fines up to $1.7 million for a privacy breach by a company and $340,000 for individuals.
Nalini Kara is the product director for data services at Salmat.