According to a recent report in the Australian Financial Review (AFR), it is unlikely that you have properly prepared for the new privacy laws, which are now in effect (http://www.afr.com/p/national/many_firms_not_ready_for_privacy_y3mEQytyUnM26ZR31dUAkI). This is despite penalties of up to $1.7 million for organisations found in breach of the new regime.
The new laws require organisations to disclose in detail how they collect, store, use and disclose personal data, and how individuals can access and correct it. The provisions cover both direct marketing and the use of offshore cloud computing providers or other contractors to store and process personal data.
The AFR story suggests that one reason organisations are not prepared is complacency. Many organisations are underestimating the scale of the work needed to comply with the new privacy laws, and many senior decision makers are unaware of what they need to do to their systems to prepare for them.
The Australian Government has released a guide to information security that outlines what is expected of Australian businesses going forward: (http://www.oaic.gov.au/images/documents/privacy/privacy-guides/Guide-to-information-security-summary.pdf).
These requirements are extensive, and while the Privacy Commissioner may at times have been lax in enforcing the previous regime, the new laws suggest that the watchdog will no longer treat breaches casually.
Organisations should work with reliable partners to become compliant with the new privacy laws as quickly as possible. It starts with an audit (http://www.brennanit.com.au/security-consulting). If you have not already done so, you need to run a full audit of your organisation to ensure you understand exactly what personal information it collects and stores, where that information is held, and what you do with it. Gaps may exist in both your processes and your IT systems, so it is important to address both in parallel.
You will need to be able to produce this information quickly when it is requested, so make sure you are storing it in a logical and secure fashion. It is also important to go through a process of cleaning your data, since the new laws apply to data you already hold as well as to data collected from now on.