Australian Privacy Policy, comes in next week

If you are running a business that uses computers, which is quite likely the majority of us, you need to pay special attention to the new Privacy Policy in Australia that it is to come into force next week.

The new privacy policy has 13 new Australian Privacy Principles; some of which can be a ‘trap’ for those with complex IT systems. In particular:

  • Principal 8 – Cross Border Disclosure of Personal Information
  • Principal 11 – Security of Personal Information

These two combined mean that those organisations involved in extensive IT outsourcing for ‘active’ systems really need to double check everything. Especially if they are using services provided in countries which do not have the same standards of Privacy Policy as Australia. So you could come a right cropper if:

  • You run website(s) and developers from a sub-standard country that have access to the live service data;
  • You outsource your call center (with data) to a country with sub-standard privacy policy;
  • You host data in the cloud but do not know exactly where it is and who has access to it.

for small businesses the minimum of $3m turnover makes this a minor problem, but you should still display a privacy policy as good practice, plus you should really know who has access to your sensitive data at all times. If you do run a big business and do not follow through the fines are quite extreme. Act fast!