Data Privacy: Are You Aware of the Laws?

We’ve all downloaded mobile apps onto our smartphones. Perhaps your business is collecting data via an app and using it to build revenue by direct marketing offers. You may even be on-selling the data you collect. As we know, good data is massively valuable.

But are you aware of Australia’s privacy laws and how they apply to the collection, management and use of personal data?

Are you informing consumers about the information you collect on them; are you only collecting the information you need; are you actively seeking their consent and providing them with an easy opt-out?

Your business is responsible and accountable for the personal information it collects, even if it’s held by external service providers or contractors in Australia or overseas.

Sole traders, businesses and agencies (mostly with a turnover of $3 million or more per financial year, but there are exceptions) that don’t comply with the Australian Privacy Act when collecting and holding personal data – especially sensitive data – risk massive fines.

Currently, the maximum penalty is $2.1 million for serious or repeated breaches of privacy; however, this could rise to $10 million if recommendations in the draft Privacy Legislation Amendment (Enhancing Online Privacy and Other Measures) Bill 2021, released by the Australian Government late last year, go through.

But it’s not only money that’s at risk. Misuse of personal data can be massively damaging to your company’s reputation and, therefore, a threat to its survival.

To protect your business, it’s a great idea to undertake a privacy impact assessment (PIA) as part of the scoping process for any new projects that will involve the collection of data. As your project gets underway, and more is known about the data that will be collected, further PIAs should be conducted. PIAs are also recommended for existing projects – it’s never too late to put correct procedures in place!

Businesses that undertake a privacy impact assessment (PIA) demonstrate a commitment to good privacy practice, as well as compliance with privacy legislation.

The Office of the Australian Information Commissioner has a 10-step plan, with guidance, for undertaking a PIA – if your business is collecting personal data, it’s well worth taking a look.

The plan also includes advice on how to mitigate privacy risks, which range from building in access controls through to staff training, communication strategies and more.

 

Need More Time to Get Your Head Around Privacy?

Managing compliance takes time and money. On the flipside, not managing compliance will cost you even more. At the Ayers Group, we can help free up your resources for this essential work by taking care of all your admin associated with payroll, contractor management and migration needs in one easy platform that integrates with your existing software. Talk to us today.