New Australian Privacy Laws: What SMEs must be doing


New privacy laws have been in effect since 12 March 2014, and for the first time, Australian businesses are facing serious penalties if they don’t toe the line. So what does it all mean for SMEs?

You tell customers you’re collecting their data. You include an “opt-out” button on the weekly e-newsletter. Maybe you even destroy information you no longer need. So you could be forgiven for wondering how the new 13 Australia Privacy Principles (APPs) will impact your business. After all, you already do what you need to, right?

Wrong. While you might practice one or two of these principles, you now need to make sure your business ticks all the relevant privacy boxes in order to avoid a hefty fine from the Privacy Commissioner.

To help, here’s the lowdown of what the APPs mean for SMEs:

What?

The APPs focus on how businesses collect, store and use personal information. Replace existing Information Privacy Principles and National Privacy Principles, they make some important steps in protecting privacy, particularly with the collection and use of data online. They also give the Privacy Commissioner expanded powers to investigate firms without waiting for a complaint to be made first, and enforce penalties. Up to $1.7 million for each contravention by the company and $340,000 for individuals to be exact.

Why?

Data is emerging as many firms’ most precious asset. Organisations are creating data at rates never seen before, from customer transactions, web communities, website visits, smart devices – the works. With this comes a responsibility to take privacy more seriously. The legislation formalises this, compelling businesses to review their data strategies and put data management processes in place to protect the consumer.

When?

The APPs came into play on 12 March 2014, so you need be fully compliant right now in order to avoid fines.

Who?

The new legislation only affects those businesses with annual revenues greater than $3 million and collect personal information from individuals.

But just because you don’t fall into this category doesn’t mean you shouldn’t follow the rules. The APPs represent best practice for all businesses. Plus, one day your business may tick over the $3 million mark, so it pays to make them business-as-usual sooner rather than later.

How?

Fortunately for SMEs, it’s not difficult to remain on the right side of the new privacy law – especially because many businesses already have many of these practices in place. Take the time to read the legislation carefully and take note of any specific areas that may affect your business. If you’re unsure what you need to do, here are some general practices every business can apply:

  • Only collect information you need.
  • Ensure that individuals know what you collect and why – preferably at the point of collection with a link to your privacy policy. For example, you need to tell any visitors to your website if you are collecting information on their browsing habits, and why.
  • Provide customers/prospects with the option to be anonymous, unless of course it is impractical to the business function; for example, you may need it for delivery purposes.
  • You’re allowed to use personal information for direct marketing, but always include a simple opt-out process.
  • Will information be sent overseas? One of the most significant to the privacy laws means you now need to take “reasonable steps” to ensure the principles are not breached overseas.
  • Don’t keep information you no longer need, didn’t ask for or didn’t collect in the first instance.
  • Avoid collecting any sensitive information, for example, race, health status etc as consent is required and can get very messy

About the Author

Paola Tanner, Director, Fuse Franchise Partners