Allens Arthur Robinson

Why comply? Aside from the legal requirement to do so, compliance comes with some business advantages.

If I am setting up a new business or expanding an overseas business into Australia, how do I start?

Firstly, find out whether the private sector laws apply to you and whether you come under an exemption. Then you'll need to choose whether to become bound by an approved code - one may already be available for your industry, or you could apply to have your own code approved by the Privacy Commissioner. If you don't sign up to an approved code, you'll be bound by the NPPs.

Compliance program

The next step is a compliance program: if there is a dispute over whether you have complied with the Act, it'll help if you can show that you have one in place. We've prepared this brief checklist to help you get started - we'd suggest you: 

  • Consider appointing a staff member to act as a privacy officer and: 
    • audit existing systems
    • establish and monitor systems to comply with the new legislation 
  • Audit your systems: 
    • what information is collected?
    • who is it collected from?
    • how is it collected?
    • when is it collected?
    • for what purpose is it collected and used, and by whom?
    • what are the functions or activities carried out by your business?
    • do all the purposes for which information is collected relate to one of those functions or activities?
    • what consents are in place for use or disclosure?
    • is the information updated?
    • how is information stored and accessed?
    • what are the procedures for removing unnecessary or out-of-date information?
    • do you send or transmit information overseas?
  • Create a Privacy Compliance Manual to minimise your exposure to privacy compliance risks. We'd recommend a three-step process:
    • Plan - identify privacy compliance issues. Your lawyers and senior management should take responsibility for planning.
    • Implement - educate your staff about their responsibilities regarding security and information management.
    • Maintain - update the contents of the manual according to changes in law, regulation and industry codes and practices. Retrain and refresh your staff in relation to their responsibilities. 
  • Consider other measures:
    • Review any existing contracts and application forms.
    • Obtain any necessary consents from people giving personal information.
    • Develop privacy statements to be used in your dealings with those disclosing personal information.
    • Obtain expert advice to help you categorise information identified in any audit, identify privacy compliance risks, develop procedures and systems, and to provide assistance on specialist areas such as IT requirements for data security.
    • Ensure the physical safety of information.
    • Establish structures that allow individuals to access their personal information.

Advantages

You'll find complying with the private sector privacy regime comes with benefits for your business, such as:

  • generating good customer or consumer relations;
  • encouraging rapid take-up of electronic methods of communication by overcoming distrust;
  • helping the free flow of data between organisations inside and outside Australia (see International data flows);
  • providing an opportunity to review and potentially improve efficiencies in information handling procedures;
  • allowing your company to trade more easily with overseas companies that are already subject to this kind of regulation (see Sending information into Australia); and
  • putting in place effective complaints handling procedures, which should mean that customers who would otherwise have walked away dissatisfied are more likely to stay.