With the revised Privacy Bill due to become law on 1 December 2020 specialist privacy lawyers at Dentons Kensington Swan have drawn up a list to help business owners prepare for the incoming changes.
Their first recommendation is that business owners develop a plan to manage any breaches of data, as business will be expected to comply with the notifiable privacy breach regime.
“That regime will apply to a broad range of breaches, from information on physical files and accidental breaches, to an inability to access information,” says the firm.
“While breaches can be difficult to predict, your response shouldn’t be. Now is the time to create a plan about how your business will assess, contain, and respond to breaches in a way that complies with the new act.”
If you are using any cloud-based services then the firm recommends you review these agreements.
“The new act explicitly clarifies that businesses that use cloud service providers to host personal information – including providers based offshore – will remain responsible for that personal information,” says the firm.
While breaches can be difficult to predict, your response shouldn’t be…
Sharing information with companies off-shore is also something to watch out for.
Dentons Kensington Swan says that if your business discloses information offshore for other businesses to use for their own purposes, then from December you’ll need to have a legal basis for doing so.
“Even if the entity you are disclosing the information to is part of the same ‘group’ as your business.”
However, the firm says there are a number of grounds you might be able to rely on “…including grounds that are due to be clarified further by regulations”.
The firm also warns that with the Privacy Commissioner’s increased investigatory and enforcement powers under the new act, it is a good idea to make sure your privacy policies are up to date, transparent, and accurate, and your staff have all had appropriate training.