Think The New Privacy Laws Don’t Affect You? Think Again

Think The New Privacy Laws Don’t Affect You? Think Again

With fines of up to $1.7 million for each infringement, businesses need to make sure they’re compliant with the new Australian privacy laws, says Loud & Clear’s Cade Witnish.

Here are five steps to ensure you’re compliant.

It has now been almost six months since significant changes were made to the Privacy Amendment Act – changes that affect the legal obligations businesses and government agencies have with respect to the collection, use and disclosure of personal information.

The aim of these reforms is to encourage an open and transparent management of personal information. The Privacy Commissioner has been empowered with new audit and investigative powers as well as the ability to issue civil penalties of up to $1.7 million per infringement – yet so many businesses are unaware of their new obligations. So what has tangibly changed for your business?

Bringing operations into compliance can be a big job – especially for a digital business where customer information is recorded across multiple platforms, stored across the web and used for several purposes.

Here are five steps to ensure your business is compliant.

Step 1: Reviews

Businesses hit by the new laws must conduct a comprehensive review of their existing (or non-existing) privacy policies. When assessing the current policies, you need to ask:

  • What data is being collected,
  • how is it collected,
  • for what purpose is it collected,
  • how is it used, and
  • where is it stored?

You want to evaluate how customer data is currently being dealt with and then map existing processes against the new obligations.

Step 2: Privacy policies

The new laws require businesses to publish a clear, up-to-date privacy policy. At very least it must describe the following:

  • The methods of collecting and storing personal information,
  • the purpose of collecting personal information,
  • information on how to complain about a breach of the Australian Privacy Principles (APP),
  • a guide for individuals on how they can access and amend personal information, and
  • notice if the data will be shared with third parties overseas.

So it’s not just about getting a generic policy together – it’s about formulating and publishing a privacy policy tailored to your business that satisfies the new laws. I would recommend getting some advice from your lawyer at this point.

Step 3: Data collection notifications

The Amendments expand the obligations businesses’ have in notifying individuals when their personal information is collected.

Whenever a person makes an online inquiry, a purchase, or provides any personal information whatsoever, you must adhere to a strict set of notice requirements.

Before or immediately after the information has been collected, a notice must be served upon the individual. It should clearly outline:

  • Notice that the information has been collected,
  • the purpose of the collection, and
  • information about whether it will be disclosed to third parties.

You need to ask yourself: how thoroughly is my website complying with this requirement?

Step 4: Unsolicited personal information

Anyone who uses email knows that we receive information never intended for us – spam – it happens all the time.

Under these new laws, businesses are now required to destroy or de-identify any unsolicited personal information that would not have been able to legally obtain. In practice that means destroying most of this material.

To avoid hefty fines, as a business you need to devise and implement a standardised process whereby all such information is quickly and effectively destroyed.

Step 5: Staff training

The Amendments introduce a raft of new obligations and calls for businesses to take a pro-active approach to privacy. Privacy issues will become more and more important as businesses continue to grow, connect and diversify in the globalised world.

Australian businesses must adapt to the new privacy laws at an organisational level by revising privacy policies, data systems, and importantly, training each and every member of staff to manage the privacy responsibilities of the business as a whole.

So ask yourself, what steps has your business taken to ensure you meet all the new requirements?


Cade Witnish is managing director of Loud&Clear.

Please login with linkedin to comment

Latest News

Case Study: How Content Helped Tribal Marketing Come To Life Amongst Rev-Heads.
  • Opinion

Case Study: How Content Helped Tribal Marketing Come To Life Amongst Rev-Heads.

In this guest post, CEO of content marketing agency Edge, Fergus Stoddart (pictured below), says brands would do well to play on their customer’s loyal tribalism… Normally over Christmas, any downtime is spent asleep on the sofa, mildly lubricated with a belly full. This year, with the Ashes in the background, I managed to stay awake […]


by B&T Magazine

B&T Magazine
Red Bull Holden Racing Team Unveils 2018 Cars On Sydney Harbour
  • Marketing

Red Bull Holden Racing Team Unveils 2018 Cars On Sydney Harbour

Red Bull Holden Racing team took the covers off its 2018 Holden Commodore Supercar today. Floating on a barge in Farm Cove, the harbour provided a stunning backdrop for the reveal. Teammates Jamie Whincup and Shane van Gisbergen have won the past two championships for the squad. Whincup, now the greatest of all time with seven Supercar’s titles, […]

Victorian Government Launches VR Bushfire Experience Via The Fuel Agency
  • Advertising
  • Campaigns
  • Technology

Victorian Government Launches VR Bushfire Experience Via The Fuel Agency

As part of its summer fire campaign, the Victorian government has launched a virtual reality (VR) bushfire experience and content series via The Fuel Agency. The VR experience places the user in the midst of a large bushfire, and is designed to encourage people to leave early on high-risk days before it’s too late. The […]

Local Ad Tech Company VeNA Partners With RugbyPass
  • Advertising
  • Media
  • Technology

Local Ad Tech Company VeNA Partners With RugbyPass

ad tech company VeNA has signed an exclusive reseller partnership covering Australia and New Zealand with digital rugby network RugbyPass. Across Asia and parts of Europe, RugbyPass is the exclusive digital rights holder and over-the-top broadcaster for live rugby, including the Super Rugby, the Rugby Championship and autumn internationals, the Six Nations, the Aviva Premiership, […]

SpotX Appoints Gavin Buxton As Asia MD
  • Advertising

SpotX Appoints Gavin Buxton As Asia MD

Video advertising platform SpotX has announced it has appointed Gavin Buxton as managing director of Asia to lead the company’s expansion in the region. Buxton has over 17 years’ global experience in the digital advertising space, having worked in leadership roles at tech and publishing companies, including Microsoft, Turner Broadcasting, and LinkedIn, with the last […]

Big Mobile Doubles Down On Ad Tech & Rebrands
  • Advertising
  • Technology

Big Mobile Doubles Down On Ad Tech & Rebrands

B&T Awards 2017 finalist Big Mobile has unveiled a fresh look to reflect its new ad tech credentials. The company successfully pivoted its business from ad network to mobile ad tech vendor when it announced a joint venture (JV) with Widespace in October last year. As a result of the business changes, Big Mobile wanted […]

March One Appoints New Senior Account Manager
  • Advertising

March One Appoints New Senior Account Manager

Independent ad agency March One has appointed a fresh face to the team, with Melanie Tozer to reinforce its mission to put humans first as a senior account manager. Tozer (pictured above), an up-and-coming talent from New Zealand, will align her extensive experience in FMCG marketing with March One, having worked on accounts for Bunnings […]