Privacy reform changes are on the horizon, and passing mandatory breach notification legislation looks to be all but a technicality, leading Symantec principal consultant John Reeman to issue a sobering warning: Businesses are out of time.
“This law is coming. The fines are significant. There are no excuses anymore. You need to do something,” he said at the Symantec Symposium in Sydney on Tuesday.
The privacy commissioner has already been granted powers to hand down fines of up to AU$1.7 million for organisations and AU$340,000 for individuals, and a new set of Australian Privacy Principles has been created. These changes come into effect in March next year.
Additionally, mandatory data breach notification legislation has passed through the federal lower house, and is expected to go before the Senate in November.
Reeman warned that some organisations, especially those dealing with direct marketing, could be caught out by the new principles that deal with the collection of solicited and unsolicited personal information, how organisations can use this information, and whether it is “reasonably necessary” to do so.