The Privacy Act 2020 has now been in effect for more than six months – and the Office of the Privacy Commissioner is reminding organisations of their legal responsibilities under the Act.
For all businesses, it’s a good time to check your team is aware of the key requirements. They include:
- Notifying the Privacy Commissioner of a serious privacy breach. This includes ransomware attacks when personal information is accessed, stolen or rendered inaccessible.
- Notifying the Commissioner as soon as practicable after becoming aware that a notifiable breach has occurred. This should be within 72 hours, unless there are extenuating circumstances.
If an organisation fails to comply and is prosecuted, it could be liable for a fine of up to $10,000.
Other points for business owners to remember:
- Staff who offer their resignation should not take client information with them when they leave
- Regular privacy training for staff is key, especially on the point that they should only use customer information for the purpose for which the organisation collected it.
The Office of the Privacy Commissioner (OPA) recommends:
- Develop a policy for privacy breach management, including notifying OPA as soon as practicable
- Ensure your policy regarding privacy breach management is implemented as soon as possible
- Ensure you have systems in place to assure yourself that all privacy breaches that have caused or were likely to cause serious harm were notified to our Office as soon as practicable.
Remember to report breaches as soon as practicable after a breach – not after you think you’ve remedied the breach.