The $50 Million Wake-Up Call: Time to Reassess Your Privacy Posture
As we kick off the 2024/25 financial year, we want to inform you about significant industry news regarding changes to the Privacy Act scheduled for FY25/26. These updates will tighten consumer data capture and privacy standards. This is particularly important for consumer-facing brands, marketing teams, and agency partners as the Government aims to make data protection a universal responsibility. Notably, small businesses with revenue under $3 million, previously exempt under the 1988 Privacy Act, will now be included.
ACCC Digital Platform Services Inquiry Report
The Australian Competition & Consumer Commission (ACCC) has released its Digital Platform Services Inquiry Report, which provides an in-depth look at 'Data Firms' and 'Platform Services.' These entities offer data collection, storage, processing, and analysis services for brands and marketers.
The report reveals that many consumers are unaware of how extensively their personal data is collected from various sources and used by data firms. These firms, often operating without direct consumer relationships, sell data services across industries for marketing, fraud detection, and property analytics. This highlights a largely unseen side of the data ecosystem.
Key Learnings from the ACCC Report
Moving forward, the ACCC is advocating for new legislation to address unfair trade practices and impose strict penalties on regulatory offenders. The proposed penalties include:
Fines upwards of AU $50 million for organisations.
Fines equal to three times the value of benefits obtained from each breach.
Inclusion of small businesses with revenue under $3 million under the new Act.
Safeguarding Your Consumer Data
Consumer data often contains highly sensitive personal information, and robust measures are in place to secure it and protect privacy rights. Here's how businesses ensure your data is protected:
Privacy Safeguards
The Office of the Australian Information Commissioner (OAIC) enforces strict privacy safeguards under the Consumer Data Right (CDR). The Competition and Consumer Act 2010 outlines consumer privacy rights and imposes 13 mandatory privacy safeguards on businesses handling your data. The CDR operates on an opt-in basis, requiring businesses to collect, use, and share consumer data only with explicit consent, which can be withdrawn at any time.
Data Security Protocols
Businesses must follow rigorous protocols for governance, system controls, testing, monitoring, evaluation, and reporting. They are generally required to destroy or de-identify your data when it is no longer needed. They must also comply with the Notifiable Data Breaches scheme, notifying you and the OAIC of any serious data breaches.
Data Deletion and De-identification
If consumer data is no longer needed, businesses must delete or de-identify it. Consumers have the right to request data deletion through a consumer dashboard or by notifying the business in writing. De-identification ensures that data cannot be traced back to an individual, providing an extra layer of security.
Why Leave Privacy & Compliance to Experts?
Protecting privacy and consumer rights in a connected world is complex. Entrusting these responsibilities to experts not only safeguards your business and consumer data but also allows your team to focus on what they do best.
Roilti is a trusted partner in data privacy and compliance:
ISO27001 Certified: Compliance as a standard practice.
Full Regulatory Certification: Solutions certified and compliant with lotteries.
Data Privacy Compliance: Adhering to global standards such as GDPR, CCPA, and consent regulations.
Category-Leading Cyber Insurance: Protection against data theft or cyber-attacks.
With Roilti, your business is in safe hands. We prioritise privacy and compliance while continuously innovating to help you deploy data-driven activities securely and efficiently in the market.