Minter Ellison technology law partner Paul Kallenbach has told the Australian Financial Review (AFR) that many companies are not prepared for the biggest change in privacy laws in a quarter-century.
The Australian Privacy Principles start on 12 March 2014 and are backed by civil penalties of up to AUD1.7m (£923,000) for companies and up to AUD340,000 for individuals. They mandate detailed disclosure of how companies collect, use, disclose, secure and correct personal information. They force companies to give individuals access to personal information unless a specific exception applies.
The privacy commissioner, Timothy Pilgrim, has said the days of ‘softly, softly’ privacy enforcement are over and that his office now has the power to initiate investigations rather than act only on complaints.
Kallenbach said Pilgrim intended to enforce the principles seriously but not, from what he has seen, ‘as a penal regime’. Kallenbach said: ‘He really wants privacy compliance in substance. Whether it’s a large organisation or a medium-sized organisation, he is only going to start levying large civil penalties for serious, repeated breaches.’