Businesses are unknowingly breaching privacy rules and risking hefty fines, lawyer warns.
Businesses are unknowingly breaching privacy rules and risking hefty fines, lawyer warns.
It’s been 12 months since the Australian Privacy Principles were established and according to Alec Christie, partner at DLA Piper, around 50 per cent of companies are still not compliant with the principles.
While the principles don’t appear drastically different, businesses should be aware of the radical shift in the attitude, Christie said.
“We did an ad hoc survey in October/ November last year, roughly over a hundred app and online policies for businesses doing business in Australia and Australian businesses. Fifty per cent approximately, were not compliant in one way or another and five per cent of companies without a privacy policy at all,” he said. “It is a scary thought that even those who tried to comply then went on to make some fundamental errors like adopting an offshore parent company’s privacy policy which was in some cases was fine for the law of Europe of the US but certainly not compliant in Australia.”
According to Christie, in order to remain compliant with the principles, privacy policies should be updated as the business changes, and managed within organisations from the board down.
With basic compliance the biggest issue, in some cases, companies do not realise they principles apply to them at all. But basic compliance with the rules isn’t enough to get you over the line, Christie said.
“Simple compliance, in the commissioner’s view, is not enough. Legally, simple compliance may get you there… but the Commissioner will be looking for more. At a minimum, you need to have a privacy governance regime in place,” he said.
It’s been 12 months since the Australian Privacy Principles were established and according to Alec Christie, partner at DLA Piper, around 50 per cent of companies are still not compliant with the principles.
While the principles don’t appear drastically different, businesses should be aware of the radical shift in the attitude, Christie said.
“We did an ad hoc survey in October/ November last year, roughly over a hundred app and online policies for businesses doing business in Australia and Australian businesses. Fifty per cent approximately, were not compliant in one way or another and five per cent of companies without a privacy policy at all,” he said. “It is a scary thought that even those who tried to comply then went on to make some fundamental errors like adopting an offshore parent company’s privacy policy which was in some cases was fine for the law of Europe of the US but certainly not compliant in Australia.”
According to Christie, in order to remain compliant with the principles, privacy policies should be updated as the business changes, and managed within organisations from the board down.
With basic compliance the biggest issue, in some cases, companies do not realise they principles apply to them at all. But basic compliance with the rules isn’t enough to get you over the line, Christie said.
“Simple compliance, in the commissioner’s view, is not enough. Legally, simple compliance may get you there… but the Commissioner will be looking for more. At a minimum, you need to have a privacy governance regime in place,” he said.
