The Legal Obligations of a Business Under Australia’s Privacy Laws:

At Dylan & Inns Gold Coast and Brisbane we act for many small and medium-sized businesses, assisting them to meet their commercial law obligations. One of the most common concerns we come across is whether a business is meeting its obligations when it comes to Australia’s privacy laws.

It’s now been over a year since privacy laws were overhauled and many businesses have not yet updated their policies and procedures to reflect these changes.

If your business has an annual turnover of more than $3 million, or offers payment terms of seven days or more, then the updated privacy laws have a direct impact on your business. You need to ensure you are meeting your legal obligations under these laws; otherwise your business may face significant legal penalties.

In 2014 Australia’s privacy laws received their most significant changes in 25 years as amendments to the Privacy Act 1988 (Cth) (“the Act”) were passed. Changes to the Act included the introduction of a new set of Australian Privacy Principles (“APPs”) and new credit obligations designed to regulate the handling of personal information and credit information by businesses.

New penalties were also introduced that included a fine of up to $340,000 (for individuals), or $1.8 million (for corporations) for breaching certain provisions of the Act and the APPs.

Australian Privacy Principles:

The APPs specifically apply to businesses with an annual turnover of more than $3 million and some of the key obligations a business must meet include ensuring it:

  • Has an up-to-date privacy policy that is easily accessible by its customers and contains information about a number of mandatory matters set out in the APPs;
  • Notifies its customers of certain privacy and information handling matters prior to the collection of their personal information;
  • Only collects a customer’s personal information for permitted reasons and once collected deals with this personal information in accordance with the APPs;
  • Doesn’t use the collected personal information for direct marketing purposes unless certain conditions are satisfied; and
  • Takes steps to protect the personal information of customers before disclosing this to overseas recipients, in order to ensure that they do not breach the APPs, for instance when outsourcing services, or using cloud computing.

Changes to Credit Reporting Obligations:

The amendments to the Act also imposed new obligations on any business that offers deferred payments to its customers for goods and services where the term is for seven days or more, regardless of the annual turnover of the business.

Some key obligations that businesses must meet include:

  • Ensuring that your business has an up-to-date credit policy that details how credit information is handled and that this policy is easily accessible to your customers and contains information about a number of mandatory matters; and
  • Notifying your customers of certain credit information handling matters prior to the collection of their credit information.

Prior to the introduction of the amendments to the Act in 2014, privacy compliance was viewed as a toothless tiger by many business owners. However, as you can see, the significant fines that were introduced have the capacity to have a dramatic effect on you or your business. It’s vital that as a business owner you are aware of your legal obligations under the Privacy Act and have the correct policies and procedures in place to meet these legal obligations.

If you are a business owner in Brisbane, or on the Gold Coast and would like more information about what legal obligations your business may have under the amended Privacy Act, or need assistance with the drafting of privacy and credit policies, contact Dylan & Inns Gold Coast on 1300 36 32 10, or email hello@dylaninns.com.au.