The Australian Privacy Principles came into effect last month. These are the most significant reforms to our privacy laws in the last decade. And the change that has your accountant worried is the size of the fines. For companies, the penalties for a privacy breach go up to $1.7 million. For sole traders and other entities that are not companies, the fines go as high as $340,000.
So it is worth taking a bit of time to make sure your privacy policies and procedures are in order. We answer some questions about the new principles.
Do the new principles even apply to me?
If you have an annual turnover of more than $3 million, or you are a health service provider, then the answer is definitely yes.
If your turnover is less than $3 million, the laws will still apply to you if you are “trading in personal information”. Are you collecting personal information and then giving it to another business to manage your direct marketing? Are you using consumer data to cross-sell products from a partner business? Either of these activities could fall within the net of “trading in personal information”.
In our opinion the safest position is to assume that the principles apply to you. Not only are you sure to avoid those nasty fines, you are also going to be treating your customers with the respect they deserve and expect.
How will this affect my direct marketing campaigns?
The principles allow you to use personal information for direct marketing so long as you disclosed, at the time you collected it, that you may use the information in direct marketing, and you provide people with a way to unsubscribe.
How do I make sure our business is compliant?
Avoiding a breach of the privacy laws need not be complicated or onerous. Here are some simple steps.
1/ Review the 13 Australian Privacy Principles and compare them with your current practices.
2/ Tell people how you are going to use personal information when you collect it and then only use the information for the reasons you stated.
3/ Pass on personal information only for the reason you collected it.
4/ If people ask, give them a chance to see any information you hold about them.
5/ Keep personal information secure and accurate.
6/ Make sure everyone in your company who collects or deals with personal information knows how they are expected to handle it.
For more information check out the Guide to Privacy for Small Business.