Privacy breach can be costly

MCCULLOUGH Robertson Lawyers senior associate Emma Weedon says the need to comply with the provisions of the Privacy Act has never been more pressing.
The percentage of businesses that consider it important has never been so low, with most considering it a ‘toothless tiger’.

“The number of businesses that also wrongly believe a website privacy policy is sufficient to cover them has also never been so high,” says Weedon.

“Whilst compensation awards under the Privacy Act have to date been quite low, the legal and general business cost of defending a complaint can be significant, particularly when compared to the relatively low cost of ongoing compliance.”
Businesses must comply with the 10 National Privacy Principles (NPPs) if they are to avoid customer complaints to the Privacy Commissioner, which she believes are relatively straightforward to make and can cost an organisation significant amounts of time and money.

“The biggest complaint by individuals is that an organisation has used their information in a way that it was not authorised to, or that it has disclosed information to a third party without permission.”
Common areas of complaint also include marketing activities, medical records and the failure to maintain correct information.

Weedon cites the Australian Law Reform Commission’s report into privacy legislation as potentially putting an end to current privacy law misconceptions if it is enacted, with the introduction of an ‘at fault’ data breach notification system with harsher penalties.