micenet AUSTRALIA, April 2014
New Privacy laws
Matt Crouch and his associate Natalia Panchenko
dissect the changes for the business event sector.
BY MATT CROUCH AND NATALIA PANCHENKO
The Privacy Act 1988 (Cth) changes will affect entities that
are currently subject to the Act. Generally, these are
businesses with an annual turnover of more than $3
million – but if your business operates a health service, contracts
with the Commonwealth Government or trades in personal
information, it will also be caught by the new laws.
The reforms coming into effect include:
• Creation of the Australian Privacy Principles, which unify
privacy rules across the private and public sectors.
• Expansion of the principles – the privacy principles themselves
have been expanded, i.e. there are some new principles
applicable over and above the former National Privacy
Principles and the Information Privacy Principles.
• Comprehensive credit reporting – credit reporting agencies
may provide ‘positive’ credit history not just bad credit
• New provisions on privacy codes and the credit reporting
code – EG: regulated entities will be required to notify
individuals and the Information Commissioner where there has
been unauthorised access to, or disclosure of, personal
information, or where personal information is lost. Serious
breach will arise in such circumstances where there is a real
risk of serious harm to the data subject as a result of the
• Enhanced powers of the Information Commissioner, such as
the authority to direct an organisation to notify of a data
breach, and to give an exemption from notification where it is
in the public interest to do so;
• Severe penalties for breaches of the Act – up to $340k for
individuals and $1.7 million for companies.
By law, businesses need to be compliant now. The Privacy
Commissioner has indicated that it will, at least initially, adopt a
helpful approach to assist businesses to comply – it will be on
the look-out for businesses that have made no effort to comply
or who are cynically breaching the Act. How long this “helpful
phase” lasts is anyone’s guess.
In short, if your business has not conducted a review and
update of its management of personal information, it is most
likely non-compliant with the law. If you haven’t already done it,
you should immediately:
• review your website privacy notice and information collection
practices via the website;
• prepare provisions for inclusion in outsourcing arrangements
where the contractor may have access to personal
information you have collected from your clients, etcetera; and
• review all direct marketing practices, including the availability
of ‘opt out’ mechanisms.
In the meetings and events world, there are a couple of red-hot
privacy issues, mostly concerning delegate lists and
PCOs and event managers should not be sharing, selling or
disclosing lists of delegates, sponsors and advertisers to third
parties. An individual goes to a conference on the subject of
cardio-vascular health and later is bombarded with invitations to
participate at IT conferences. The outcome? A potentially very
upset delegate with a bee in his/her bonnet and the possibility of
a complaint to the Privacy Commissioner and ultimately an
As far as delegate lists are concerned:
1. Beware acquiring them from other PCOs and event managers
and from list rental businesses. The supplier may not have
complied with privacy laws and you may inherit a mountain of
personal information with a mountain of work and expense to
make it compliant.
2. In any acquisition of delegate lists you should obtain a
warranty (promise) from the supplier that privacy laws have
been complied with. That would include informing the
individuals on the list that their information might be “sold” to
other PCOs and event managers such as you. You should
also ask to see a sample of the privacy notices that were
given to the individuals when the information was first
collected from them.
3. Unless you have the consent of the individuals on the delegate
list, we would not recommend that you give the list, sell or
trade it to other PCOs or event managers. It is unlikely to be a
permissible use/disclosure under the Privacy Act and as noted
above, severe penalties are now in force.
If you haven’t given privacy any thought lately, you need to get
cracking. Under the old laws, non-compliance may have meant
a painful and embarrassing investigation by the Privacy
Commissioner and the possibility of some reputational damage.
Now? .... the chance of a whopping great fine.
Matt Crouch is a partner in Hodgkinson McInnes Legal. He can be
contacted via email – email@example.com or on (02) 8267 7362.