Whether a start–up or a listed ASX company, your business opportunities are increasingly on–line and/or overseas. At last count over 80 countries have adopted data privacy laws and Australia's new Australian Privacy Principles (APPs) come into effect from 12 March 2014. The new APPs, overseas laws and attitudes toward data privacy are very different from business as you know it.

What you think you know about data privacy in Australia and overseas may just be wrong! This "Top Ten" fact sheet dispels some common misconceptions about privacy.

10. BUSINESS INFORMATION IS NOT PERSONAL INFORMATION

"Personal information" is not restricted to one's personal life. In most countries it is any information that can be used to identify an individual (even indirectly) and, in some countries, company names are considered personal data.

9. PUBLIC DATA IS THERE TO BE USED

In Australia and many other countries data published by a public body, or personal information posted by an individual on a public forum, cannot be lawfully used by a third party and/ or this "collection" triggers new privacy obligations.

8. WE'RE COMPLIANT–WE HAVE AN IT SECURITY POLICY

Your IT security policy, while important, is not the sole personal information security obligation, let alone data privacy obligation. Also, is your privacy policy up to date?

7. THE NEW APPS DON'T CHANGE MUCH

Every existing Australian privacy policy (and often one's privacy processes) will require amendment to comply with the new APPs. In addition, the impact of the change in the regulator's powers and attitude and the introduction of fines from 12 March 2014 should not be underestimated.

6. WE'RE COMPLIANT – WE HAVE A PRIVACY POLICY/PROGRAM

Does your policy include the minimum mandatory requirements for each of the countries in which you operate? Also, protection of personal information, privacy rights, patient information, bank secrecy, employee rights and data security (to name a few) are not one and the same. Laws and regulations in these areas may co–exist, overlap or even contradict each other. Your policy and program might not adequately address all these aspects.

5. WE KNOW OUR PRIVACY ABC'S – APPS, BIG DATA AND CLOUD

The emergence of new technologies (i.e. Apps, Big Data and Cloud) is leading to tougher requirements as to "informed" consent. Different issues arise and different privacy processes (and sometimes policies) are required in most countries for Apps, Big Data and Cloud computing.

4. NO NEED TO WORRY – WE ONLY TRANSFER DATA OFFSHORE TO RELATED ENTITIES

In most countries the offshore transfer of data (even to a related entity) requires prior notification to (if not the consent of) the relevant individuals. In some countries offshore transfers are prohibited, unless approved by the regulator.

3. PRIVACY'S NOT A PRIORITY FOR US

In Australia from 12 March 2014 companies can be fined $1.7 million and individuals $340,000 for a serious invasion or repeated invasions of privacy (i.e. breaches of the APPs). Fines and increased enforcement are now the norm in Asia and the EU has proposed fines of up to 2% of worldwide turnover. Can you afford for privacy not to be a priority?

2. COMPLIANCE IS TOO COMPLEX!

It does not need to be. We can help you set priorities and determine the essential and practical means to better protect your business, your employees, your customers and your reputation.

1. COMPLIANCE IS TOO COSTLY!

Again, it does not have to be! We manage compliance projects and issues globally and locally on a daily basis. We know how to leverage that experience to work to nearly any budget, whether locally, regionally or globally.

© DLA Piper

This publication is intended as a general overview and discussion of the subjects dealt with. It is not intended to be, and should not used as, a substitute for taking legal advice in any specific situation. DLA Piper Australia will accept no responsibility for any actions taken or not taken on the basis of this publication.


DLA Piper Australia is part of DLA Piper, a global law firm, operating through various separate and distinct legal entities. For further information, please refer to www.dlapiper.com