Why do we need a Privacy Act Compliance Audit (PACA)?

What is a Privacy Act compliance audit?

Businesses have responsibilities under the Privacy Act 1988 (Cth) (Privacy Act) to comply with the ten (10) National Privacy Principles (NPP).

A Privacy Act Compliance Audit (PACA) is a threshold assessment that assists an organisation to determine whether or not it is compliant with the Privacy Act. Further, a PACA can provide an organisation with practical go-forward methodologies for the way that it collects, holds, uses and discloses an individual’s personal information.

At present, businesses are preparing to review their processes as legislative amendments come into force in March 2014. At this time, further obligations will be imposed by the Privacy Act. This means that businesses must adhere to a new set of privacy principles called the Australian Privacy Principles (APPs). Read a summary of the changes here.

What will Dundas Lawyers do during a PACA?

Dundas Lawyers will conduct an assessment of your organisation's:

  • customer marketing material;
  • standard form terms and conditions;
  • privacy policies and procedures manuals;
  • collection, retention, use and disclosure of personal information;
  • IT and data storage processes;
  • website privacy policies;
  • e-commerce terms and conditions; and
  • employee privacy training.

Who should undertake a Privacy Act compliance audit?

Any of the following should consider a Privacy Act compliance audit:

  • government agencies;
  • organisations; and
  • small business operators who have opted in to the Privacy Act and/or are considered ‘reporting’ entities.

What are the implications for non-compliance with the Privacy Act?

Once the amendments come into force, the consequences of non-compliance include:

  • up to $350,000 – for an individual;
  • up to $1.7 million – for organisations;
  • victim compensation orders;
  • criminal penalties;
  • loss of business credibility with current and potential customers; and
  • potential loss of new and current customers.

Further information

If you need assistance in assessing whether or not your organisation is compliant with the Privacy Act, contact us for an obligation-free and confidential discussion.

Malcolm Burrows B.Bus., MBA., LL.B., LL.M., MQLS
Legal Practice Director
Telephone: (07) 3221 0013
Fax: (07) 3221 0031
Mobile: 0419 726 535
e: mburrows@dundaslawyers.com.au


This article contains general commentary only.  You should not rely on the commentary as legal advice. Specific legal advice should be obtained to ascertain how the law applies to your particular circumstances.
