As Australia undergoes significant changes to its privacy laws, it’s crucial for businesses of all sizes to prepare. Following a multi-year review, the government is proposing amendments to the Privacy Act that could reshape how organisations manage personal information. With harsher penalties on the horizon, now is the time to act.
Why Privacy Law Changes Matter
The proposed reforms will impact the way businesses collect, store, and handle personal data. Privacy experts, including Sonia Sharma, a Partner at Maddocks and author for LexisNexis® Practical Guidance, emphasise the importance of proactive measures. Conducting data mapping, reviewing policies, and implementing governance measures are essential steps to ensure compliance and build customer trust.
Key Actions for Compliance:
1. Determine Applicability of the Privacy Act
Evaluate whether the Privacy Act applies to your organisation now and in the future. Understanding this will help you anticipate necessary changes.
2. Conduct a Data Mapping Exercise
Gain a comprehensive understanding of the personal information your organisation holds:
3. Review Collection Notices and Privacy Policies
With anticipated changes to consent and notification requirements, ensure your current practices meet existing standards.
Key points include:
4. Appoint a Privacy Officer
Designate a privacy officer and establish a privacy management team to handle inquiries, complaints, and compliance efforts. This will foster a culture of privacy within your organisation.
5. Train Staff on Privacy Compliance
Provide regular, role-specific training on privacy policies and practices. This includes phishing awareness for frontline staff and hypothetical scenarios for executives.
6. Conduct Privacy Impact Assessments (PIAs)
Implement PIAs whenever introducing new data handling methods. This aligns with the OAIC’s guidance and helps identify privacy risks early.
7. Evaluate Essential Eight Maturity Level
Enhance your organisation's cyber resilience by assessing your Essential Eight maturity level, which includes critical cybersecurity measures recommended by the Australian Cyber Security Centre.
8. Invest in Privacy and Cyber Risk Management
Allocate resources for privacy and cyber risk management to navigate the evolving threat landscape. This aligns with the expectations of both the OAIC and ASIC regarding directors' responsibilities.
9. Implement a Privacy Management Plan
Create a privacy management plan to establish effective privacy practices and continuous improvement.
Conclusion: It’s Time to Act
As the Australian government prepares to implement these reforms, organisations must take proactive steps to align with the forthcoming changes. Utilise the full LexisNexis Practical Guidance Checklist for Privacy Act Reform Preparations to ensure your organisation is equipped to handle the upcoming challenges (subscriber access may be required).