With less than 12 months to go before the introduction of the Privacy Amendment (Enhancing Privacy Protection) Act 2012, Australian enterprises are being encouraged to see the changes as a way to build customer trust through good privacy practices.
The Act, which comes into force on March 2014, includes the introduction of Australian Privacy Principles (APPs) and changes to how personal information is handled, including when it can be used for direct marketing and sent overseas.
Privacy Commissioner Timothy Pilgrim has been given new powers including the right to fine companies up to $1.7 million if they breach the Act.
According to Ernst & Young's IT risk and assurance executive director, Charlie Offer, businesses that comply with the new privacy laws will be able to maximise opportunities from customer data.
“Smart privacy management allows organisations to use insights from data to better target, attract and retain customers or to improve the efficiency of service delivery,” he said.
In addition, he said that good privacy management is about “building trust” in a company’s brand.
“This means leveraging the opportunities of data collected by new technologies and analysed through big data techniques, while staying within the parameters of privacy laws-- and more importantly-- customer expectations.”
According to Offer, consumers are happy to trade personal information for a free product or service but are turned off by organisations that are not transparent about how they then use that personal data.
“Consumer expectations around how companies deal with their personal information are rising, so the companies that are transparent with customers will be the winners, especially when it comes to trust in their brand.”
Offer also shared some tips for creating a good privacy program before the Act comes into effect next year.
“The first step is to identify all personal data currently held and analyse whether the organisation is sufficiently transparent about what they do with the data, and vitally, confirm that all activities are allowed by law,” he said.
According to Offer, business have lost a clear line of sight over where data goes to because they are increasingly dependent upon partners, vendors, suppliers, outsourcers and third parties’ sub-contractors.
“The new regulations make clear that out of sight should not be out of mind and organisations remain liable for any breaches. Good privacy management includes gaining regular assurance that business partners are complying with requirements,” he said.
If a data breach does happen, Offer said that the way companies handle the aftermath of a breach can “make or break” the relationship with a consumer. “Smart companies have rehearsed incident management procedures that can be invoked to reduce the impact and severity of a breach for affected individuals, as well as the organisation itself.”
Follow Hamish Barwick on Twitter: @HamishBarwick
Read more: The lost CIOs of oil and gas