What is a Privacy Act compliance audit?
Businesses have responsibilities pursuant to the Privacy Act 1988 (Cth) (Privacy Act) to make sure that they comply with the ten (10) National Privacy Principles (NPP) in accordance with the Privacy Act.
A Privacy Act Compliance Audit (PACA) is a threshold assessment that assists an organisation to determine whether or not they are compliant with the Privacy Act. Further, a PACA can provide an organisation with practical go forward methodologies about the way that they collect, hold, use and disclose an individual’s personal information.
At present businesses are preparing to review their processes as legislative amendments come into force in March 2014. At this time, further obligations will be imposed by the Privacy Act. This means that they must adhere to a new set of privacy principles called the Australian Privacy Principles (APPs). Read a summary of the changes here.
What will Dundas Lawyers do during a PACA?
Dundas Lawyers will conduct an assessment of your organisations:
- customer marketing material;
- standard form terms and conditions;
- privacy policies and procedures manuals;
- collection, retention, use and disclosure of personal information;
- IT and data storage processes;
- website privacy policies;
- e-commerce terms and conditions; and
- employee privacy training.
Who should undertake a Privacy Act compliance audit?
Any of the following should consider a Privacy Act compliance audit:
- government agencies;
- organisations; and
- small business operators who have opted in to the Privacy Act and or are considered ‘reporting’ entities.
What are the implications for non-compliance with the Privacy Act?
Once the amendments come into force, penalties range from:
- up to $350,000 – for an individual;
- up to $1.7 million – for organisations;
- victim compensation orders;
- criminal penalties;
- loss of business credibility with current and potential customers; and
- potential loss of new and current customers.
Further information
If you need assistance in assessing whether or not your organisation is compliant with the Privacy Act, contact us for a confidential and obligation-free discussion:
Malcolm Burrows B.Bus.,MBA.,LL.B.,LL.M.,MQLS.
Legal Practice Director
T: +61 7 3221 0013 (preferred)
M: +61 419 726 535
E: mburrows@dundaslawyers.com.au
Disclaimer
This article contains general commentary only. You should not rely on the commentary as legal advice. Specific legal advice should be obtained to ascertain how the law applies to your particular circumstances.
Related insights on privacy compliance
-
Data breach compliance and response plans
Dundas Lawyers create tailored data breach response plans to ensure compliance with the Privacy Act 1988 (Cth). Plans include actions, registers, records, tests and tasks. Get an obligation-free and confidential discussion to learn more.
-
Why is a Privacy Act Compliance Audit (PACA) necessary?
Understand the implications of the Privacy Act 1988 (Cth) and national privacy principles with the upcoming legislative amendments. Find out what a Privacy Act Compliance Audit (PACA) involves, who should consider it, and the consequences of non-compliance.
