Some IT managers are unaware of the Privacy Act amendments which are due to come into effect in March 2014, according to the results of a new survey.
Clearswift conducted online interviews with 200 IT managers responsible for compliance, security, privacy during August 2013.
The Enemy Within report found that 35 per cent of respondents did not know about the amendments, while 73 per cent indicated they were unaware of proposed mandatory data breach legislation. The Bill did not pass the senate before parliament rose prior to the September election and has now lapsed.
Clearswift Australia and New Zealand regional director Michael Toms said he was “alarmed” by the number of organisations unaware of the upcoming Privacy Act legislation changes.
“Over half of the respondents we surveyed work in compliance so it’s concerning those responsible for ensuring their business is on top of the regulatory environment are in the dark,” he said in a statement.
- Mandatory data breach notification on agenda: Privacy Commissioner
- Social media poses greatest privacy risk: OAIC
- More Australian Privacy Principles released for consultation
Toms said the new legislation encourages more transparency for customers in how their data is being used, with increased powers for the Privacy Commissioner and fines of up to $1.7 million for non compliance.
“That type of fine is not small change for many Australian businesses so it is vital businesses take action now to protect the sensitive information they hold.”
In response, Australian Privacy Commissioner Timothy Pilgrim said he was working hard to produce more guidance to help organisations understand the revised obligations.
“The Office of the Australian Information Commissioner [OAIC] has provided comparison guides and checklists as well as releasing draft guidance on the Australian Privacy Principles [APPs],” he said.
“By March 2014, businesses will have had 15 months to prepare. The key concepts underpinning the Privacy Actare not new, the private sector have been working with them for over 12 years now."
Pilgrim added that organisations should be updating privacy policies and collection notices to make sure that they are open and transparent about the management of personal information.
“Outsourcing arrangements and direct marketing practices should be given particular attention as there are new requirements in these areas.”
While the new privacy laws do not include a requirement for mandatory data breach notification, he said this did not mean businesses could relax when it came to information security.
“The new laws will give our office increased powers to carry out investigations and audit an organisation’s privacy practices. We will also be able to seek financial penalties against organisations for serious and repeated breaches,” Pilgrim said.
In addition, the OAIC has guidance on information security and voluntary data breach notification to help businesses.
Follow Hamish Barwick on Twitter: @HamishBarwick