“The biggest issue I think is that there’s been some press recently about changes to the Privacy Act,” says Mark Gardiner of Teddington Legal while speaking on the My Business Podcast.
“In February this year, Federal Parliament passed a bill that’s been around for a very long time, which is making a fundamental change to how the Privacy Act operates.
“At the moment Australia does not have what’s called a mandatory breach reporting procedure. And in February next year, that’s going to change.”
As Mark explains, once this new law takes effect, it will become mandatory for businesses to report any data breach where personal information is disclosed.
“It’s now going to be required in most circumstances that that breach be notified to the Australian Office of the Information Commissioner, which is the new title for the Privacy Commissioner, and to the affected individual,” he says.
The impact, according to Mark, is that businesses of all sizes will need to modify how they deal with privacy from the outset, and crucially their response to any issues or data leaks.
It also means that, once the law takes effect in early 2018, businesses and their owners can be subject to hefty penalties if appropriate precautions are not put in place or if data breaches go unreported.
“The Privacy Commissioner now has got some real teeth. He can levy fines of $360,000 on individuals, and $1.8 million to companies,” says Mark.
As if that were not profound enough, Mark adds that examples overseas have demonstrated that businesses can also become the subject of class action lawsuits if they are deemed responsible for not maintaining the individual privacy of customer and employee data.
“That’s what’s happened in the States in a number of places, and occasionally in Europe. And while the actual damage and the quantifiable amount may be quite small on an individual basis, on a class action basis, if there’s been a very large breach of say, someone’s entire database, then the class action sums could be quite large,” he says.