According to Laureen Smith, Vice President – Asia Pacific, Workshare, the handling of personal information is about to get “tighter and more complex” in Australia with the Privacy Amendment Bill 2012 becoming law from 12 March.
“Australian organisations now have to operate under new rules, controlling the way they use ‘personal’ information about individuals, particularly as the trend towards cloud adoption and the use of personal devices to share information and documents in the workplace continues.”
Smith said Australian organisations need to be more transparent and responsive about how they are handling customer data and, “if data is stored in the cloud, there are some new requirements that will apply, particularly if it is held offshore.”
“As a result, we’re seeing a shift towards cloud services that enable mobility for their users yet provide the level of security businesses require. C-level executives need to make sure they have the right tools in place to handle all personal information correctly, or they risk being fined for misconduct.
“This is not to be taken lightly, because failure to comply with the new laws means organisations can be hit with fines of up to $1.7 million, which will have a serious impact on their bottom line as well as reputation. Technology will play a major role in helping Australian organisations comply with the new privacy legislation, by providing them with the control they need to ensure that as a company they are handling personal information correctly and complying at all times.”
Smith said that under the changes to the privacy laws, the definition of personal information itself is changing and becoming much broader, “encapsulating many new data types that weren’t previously considered ‘personal’.”
“Much of this is thanks to advances in technology that makes it possible to generate and capture data not feasible when the previous legislation was introduced back in 1988.”
The new law applies to any companies with revenues over $3 million that collect information, such as names, contact details, payment information or other details related to a specific person, for any purpose.
Smith advised that organisations needed to introduce strict security measures by implementing “secure cloud applications that enable them to gain complete control and visibility over corporate documents and personal data.”