From 12 March 2014, the existing National Privacy Principles and Information Privacy Principles will be replaced by the new Australian Privacy Principles, and businesses will be required to comply with the new Privacy Amendment (Enhancing Privacy Protection) Act 2012.
We’ve been following this closely and have already written about the approaching deadline and whether the changes might affect you. Here’s a summary of the changes and what you need to do to stay up-to-date.
The new Australian Privacy Principles
Australian Privacy legislation is becoming stronger with more restrictions and prescriptions for businesses. The new principles include the following changes regarding collecting, storing and using customer personal information:
- You must notify customers/visitors whether you disclose personal information to overseas organisations
- If you collect “sensitive” personal information you must get active agreement from the customer
- If you collect information that is not directly related to your business you must notify the customer/visitor and obtain their permission
- If you use customer information for direct marketing you must notify the customer and allow them to ‘opt out’ easily
- You must ensure personal information you hold is accurate and up-to-date and protected from misuse or accidental disclosure, and
- If asked, you must give customers/visitors access to their information within a reasonable period of time.
Make these 3 changes to your business …
Firstly, check the security of customer information databases and improve it if necessary. Under the old Privacy guidelines you only needed to keep customer data safe. The new principles state you must be proactive in regularly checking and ensuring you have the best security possible.
Secondly, implement active consent from customers. If you collect any customer information that is out of the norm or sensitive, or if you (or a third party you have sold customer data to) conduct any customer contact that is not related to your business, then you need to get active consent from your customers and visitors.
Thirdly, purge out-of-date customer records and stop collecting unnecessary personal information. The regulations are getting stronger about not keeping any customer information you don’t need to conduct your business. So destroy old customer records or information that you do not need. But make sure that the manner in which you destroy the data is appropriate (e.g. shredding of physical records).
Plus we’ve included a clause on Cookies
- To ensure you are already compliant with any future guidelines on cookies or the possibility that the interpretation of the current Australian regulations changes, and
- To help you meet some of the minimum overseas requirements – but remember, if you are targeting UK customers you should notify them if you are using cookies.
If you have any questions, please get in contact. And good luck with your online business!