The Australian Privacy Act came into effect in March 2014, creating a uniform set of Privacy Principles called the Australian Privacy Principles (APP). The OAIC (Office of the Australian Information Commissioner) expects entities to take reasonable steps to comply with the Act. The legislation applies to all government and private sector organisations with revenue exceeding $3m, which can face penalties of up to $1.7m for breaching Australian privacy laws.
Vectra’s Privacy Act Compliance service is an assessment of procedures and policies to ensure entities are meeting APP obligations. Here are some examples of the assessment tasks:
- Review procedures that manage personal information in an open and transparent way.
- Review how individuals are provided the option of not identifying themselves, or of using a pseudonym.
- Review procedures related to collection of personal information and collection of ‘sensitive’ information.
- Review procedures related to unsolicited personal information.
- Review procedures related to the circumstances in which an entity must notify an individual of certain matters.
- Review procedures related to the circumstances in which an entity may use or disclose personal information that it holds.
- Review procedures related to use or disclosure of personal information for direct marketing purposes.
- Review the steps that must be taken to protect personal information before it is disclosed overseas.
- Review procedures to determine whether obligations are met when an individual requests access to personal information held about them, including the requirement to provide access unless a specific exception applies.
- Review procedures to address obligations in relation to correcting the personal information an entity holds about individuals.
- How often should I conduct an assessment?
- Will a “certification” be issued?
- Will an assessment waive any penalties?
- Vectra has answers