• New Australian Privacy Principles: Set to take effect March 12, 2014. [Image: Wendell Levi Teodoro @Zeduce. org.]

Australian retailers have been warned to prepare for strict new privacy rules set to take effect next month – or risk copping tough penalties from a regulator with wider powers.

The new Australian Privacy Principles, replacing existing Information Privacy Principles and National Privacy Principles, are set to come into force on March 12, 2014.

The 13 Australian Privacy Principles (APPs) significantly raise the bar on how businesses and federal government agencies collect, store and handle individuals’ personal information.

The new rules also beef up the privacy regulator’s enforcement powers with the Office of the Australian Information Commissioner able to levy penalties of up to $1.7 million and impose enforceable undertakings against non-compliant organisations.

Commenting on the new rules and the possible impacts for Australian retailers, global risk consulting firm Protiviti has warned that companies should make sure they are ready to deal with the new restrictions.

Protiviti IT security & privacy director Aaron Greenman said the new laws could be a curve-ball for unprepared retailers.

“For the first time under Australian information privacy law, organisations have an express obligation to take positive steps to adopt practices and systems to protect personal data in accordance with the APP.

“Organisations will be saddled with a raft of new responsibilities including ensuring they have processes to deal with privacy complaints, making sure they are accountable for personal information disclosed to overseas parties, establishing security measures to prevent information breaches, and many more,” he said.

“These wide-ranging changes will have a big impact on organisations that collect a lot of personal information such as online businesses, retailers, utilities, healthcare providers, communications companies and most businesses in the finance and insurance sectors. Yet, while government departments are generally well-prepared, regrettably, our experience has shown that the majority of corporates are not.”

According to the company, the Privacy Commissioner has made it clear that he will not shy away from using his new powers and come March 12, companies should not expect a ‘softly, softly’ approach to enforcement. This is because the rules have been in the public domain for some time and organisations have effectively had 15 months to prepare*.

In view of the regulator’s tough stance, Greenman also warned that companies that have not already done so need to take immediate steps to become APP-compliant.

“Corporate Australia’s appetite for yet another compliance measure may be underwhelming, but companies need to appreciate that privacy is much more than just a bureaucratic requirement”, he said.

“With the rise of online technologies and social media, community concerns about how organisations use or misuse private information are at an all-time high. Today, privacy is an issue that if done well, builds deep bonds of community trust and customer loyalty. But on the flipside, when things go horribly wrong such as when a major security breach occurs, the public backlash and negative publicity can inflict long-lasting damage to corporate reputations and see customers deserting a company for a very long time”.
