Privacy Law Shake-Up: Is Your Business Ready?

As Australia undergoes significant changes to its privacy laws, it’s crucial for businesses of all sizes to prepare. Following a multi-year review, the government is proposing amendments to the Privacy Act that could reshape how organisations manage personal information. With harsher penalties on the horizon, now is the time to act.

Why Privacy Law Changes Matter

The proposed reforms will impact the way businesses collect, store, and handle personal data. Privacy experts, including Sonia Sharma, a Partner at Maddocks and author for LexisNexis® Practical Guidance, emphasise the importance of proactive measures. Conducting data mapping, reviewing policies, and implementing governance measures are essential steps to ensure compliance and build customer trust.

Key Actions for Compliance:

1. Determine Applicability of the Privacy Act

Evaluate whether the Privacy Act applies to your organisation now and in the future. Understanding this will help you anticipate necessary changes.

2. Conduct a Data Mapping Exercise

Gain a comprehensive understanding of the personal information your organisation holds:

  • Identify types of data: personal, sensitive, and technical information.
  • Analyse how data is collected, used, and disclosed.
  • Review third-party data storage and processing practices.

3. Review Collection Notices and Privacy Policies

With anticipated changes to consent and notification requirements, ensure your current practices meet existing standards.

Key points include:

  • APP 1: Maintain a general privacy policy.
  • APP 5: Notify individuals of mandatory matters at the point of data collection.

4. Appoint a Privacy Officer

Designate a privacy officer and establish a privacy management team to handle inquiries, complaints, and compliance efforts. This will foster a culture of privacy within your organisation.

5. Train Staff on Privacy Compliance

Provide regular, role-specific training on privacy policies and practices. This includes phishing awareness for frontline staff and hypothetical scenarios for executives.

6. Conduct Privacy Impact Assessments (PIAs)

Implement PIAs whenever introducing new data handling methods. This aligns with the OAIC’s guidance and helps identify privacy risks early.

7. Evaluate Essential Eight Maturity Level

Enhance your organisation's cyber resilience by assessing your Essential Eight maturity level, which includes critical cybersecurity measures recommended by the Australian Cyber Security Centre.

8. Invest in Privacy and Cyber Risk Management

Allocate resources for privacy and cyber risk management to navigate the evolving threat landscape. This aligns with the expectations of both the OAIC and ASIC regarding directors' responsibilities.

9. Implement a Privacy Management Plan

Create a privacy management plan to establish effective privacy practices and continuous improvement.

Conclusion: It’s Time to Act

As the Australian government prepares to implement these reforms, organisations must take proactive steps to align with the forthcoming changes. Utilise the full LexisNexis Practical Guidance Checklist for Privacy Act Reform Preparations to ensure your organisation is equipped to handle the upcoming challenges (subscriber access may be required).

Practical Guidance Cybersecurity, Data Protection & Privacy is an invaluable guide for practitioners who want to follow best practices when preparing to advise on data privacy and cybersecurity matters in today’s rapidly changing legal landscape. If you’d like to preview the time-saving resources covering this strategically important practice area, request a complimentary trial here.

Find out more about our Practical Guidance Cybersecurity, Data Protection & Privacy module here.