Since the introduction of the Privacy Act 1988 in Australia, it’s safe to say there has been a monumental shift in the way our personal and business information is stored. The move to digital technology, while providing undeniable benefits, has also increased risks to our privacy and security.
In September this year, the Commonwealth Government tabled its first round of proposed amendments to the Privacy Act 1988, in the form of the Privacy and Other Legislation Amendment Bill 2024 (Cth) (the Bill).
These reforms will affect every business handling personal data.
The amendments aim to increase effectiveness and strengthen privacy protections as well as broaden enforcement options.
Key reforms include:
- establishing a Children’s Online Privacy Code
- creating a statutory tort for serious invasions of privacy which will enable individuals to sue for serious invasions of privacy
- a new civil penalty for acts and practices which interfere with the privacy of individuals and a civil penalty infringement notice scheme
- new powers for the Minister to direct the Commissioner to develop and register Australian Privacy Principles (APP) codes and conduct public inquiries.
The APP codes provide the framework for the Privacy Act. These principles cover collection, use and disclosure of personal information including business accountability in relation to data security and privacy as well as the rights of individuals to access their personal information.
The codes are also considered ‘technology neutral’, allowing them to be adapted to developing technologies such as, for example electronic data storage.
With the Bill expected to be passed in 2025, it is more important than ever for businesses to be prepared, especially those dealing with sensitive information.
To ensure systems are in place and ready to go, businesses should consider conducting an audit of their sensitive documents and electronically held data to ensure compliance, as well as review and update information management policies to fill in the gaps with the new regulations. In addition, secure document and e-waste destruction will play a critical role in compliance with these new regulations by preventing unauthorised access, in-turn reducing the risk of penalties for non-compliance.
Inadequate disposal of confidential information can lead to data breaches, exposing businesses to potential penalties. By using a secure destruction service, businesses can mitigate this risk as well as demonstrate accountability and compliance with the law.
Businesses should do their due diligence to find reliable destruction providers who adhere to the updated regulatory standards and can provide certification of destruction.
As the industry leader and nationally recognised secure destruction provider with the highest industry accreditations, Shred-X offer a fully Privacy Act compliant service for the collection, transportation and destruction of sensitive data.
Shred-X is also committed to environmentally sustainable practices. Secure documents and paper products collected by Shred-X are recycled, with over 50,000 tonnes of recyclable paper being processed and freighted annually to Australian paper manufacturers.
We also work with Australian recyclers to divert e-Waste from landfill. Once all data on assets have been securely and certifiably removed, we use disposal methods to recycle or re-use precious metals and components or alternatively repurpose or reuse IT assets.
What can you do to prepare:
- adopt secure destruction methods for physical documents and digital records, focusing on compliance and risk management
- review and update data storage and disposal policies to align with the updated Privacy Act requirements
- audit data destruction processes to understand what data is being held, how it is stored, when and how data should be disposed.
Privacy Act reform has been well overdue for some time and these new batch of regulations are just the first step. With a second round of regulations due for release later this year and the Bill expected to be passed in 2025, every business needs to plan to ensure compliance and security.
Understanding your business’ data security needs and the importance of secure document destruction will be key. For a free consultation or to learn more about how Shred-X secure destruction services can help your business stay compliant and secure, please contact us on 1300 747 339 or email sales@shred-x.com.au