National law firm Holding Redlich has been “inundated” with calls from businesses which are unprepared for the privacy law changes due to take effect on Wednesday.
The legislation was first passed by Parliament 15 months ago, but many companies still haven’t made the necessary changes to comply with the laws.
Holding Redlich general counsel Lyn Nicholson has been fielding the requests and told SmartCompany there’s been dozens of companies calling in the past week.
“We did a webinar a week ago on the new laws and with just 48 hours’ notice we had 50 people log on and find out what they had to do. And since then we’ve had a number of follow ups,” she says.
“In December we’d done an earlier webinar on the topic which attracted 115 people, and equally we got a lot of follow ups from this too.”
Nicholson says despite having 15 months to prepare, businesses are only just starting to worry.
“It seems many businesses have left it to the last minute to get prepared and the level of interest on this topic has been huge. The deadline is looming and businesses are clearly realising that they face commercial and regulatory risks, including fines if they are non-compliant,” she says.
From March 12 businesses could be fined up to $1.7 million per breach of the new regulations, which aim to bring Australia’s privacy laws up-to-date with technology trends.
The laws will make it more difficult for businesses to collect information about consumers without their knowledge and will also give consumers more control over their ability to opt-out of marketing communications.
The laws will apply to businesses turning over more than $3 million a year and collect personal data.
Other small businesses which are health services providers, are related to a larger business, trade in personal information or contract to the Commonwealth will also need to comply.
However, Nicholson says it’s been predominantly larger businesses needing last minute information on the privacy law changes.
“They [the businesses making inquiries] are across a range of industries and they’re reasonably sized companies. They’re under-prepared and the changes are finally here,” she says.
“They’re also often the Australian branch of a multinational which hasn’t focused on the Australian legislation. They could have really great policies for the European Union regulations, but those then need to be adapted for Australia,” she says.
Nicholson says many companies which only deal business to business tend to be unaware the laws also apply to them.
“Even if you’re predominantly b2b, some of the changes will impact you,” Nicholson says.
Under the changes, the Privacy Commissioner will have greater powers to enforce the legislation.
The commissioner will be able to accept enforceable undertakings, seek civil penalties in the case of serious breaches, and conduct assessments of privacy performance for both Australian government agencies and businesses.
Nicholson says the commissioner has also indicated if a company has failed to update its policies and practices prior to March 12, so long as it can show it’s “working through the updates”, this will be taken into consideration.
But Nicholson says the changes need to be taken seriously and she expects a serious penalty will be delivered within the first six months of the new changes.
“The commissioner will be looking for an opportunity to work through the charges, so I expect there will be a high profile breach within six months,” she says.
“In America every three months there is a significant breach… the Privacy Commissioner has put out enough warnings.”