Compliance or Consequences: Why Prioritizing Privacy is Critical for Your Business

"Failing to prepare is preparing to fail" is a famous quote from Benjamin Franklin, and it's more relevant than ever with the upcoming changes to consumer privacy regulations.

In a recent LinkedIn poll by Anthony J James (AJ) , 59% of respondents noted substantial work needed to be completed for upcoming changes to the data privacy legislation in Australia, with 39% admitting that their company was not at all prepared.

Proposed Privacy Act Amendments: What You Need to Know About Consent, Personal Information, De-identified Data, and Targeting

The Privacy Act Review Report, released in February, outlined 116 proposals for reforming the Privacy Act 1988 (Cth) to protect Australians' privacy in the digital age.?

The changes will significantly impact businesses, from their data collection and consent practices to their handling of data breaches and the use of de-identified data.

Some key proposals include tighter regulations around data breaches, an extended definition of personal information, and the right for consumers to opt out of all targeting. The reforms our clients are most interested in are:

• Consent: the report proposes amending the definition of 'consent' to be voluntary, informed, current, specific, and unambiguous. This recommendation reflects the current guidance of the Office of the Australian Information Commissioner. However, the recommendations suggest that there will be less reliance on consent compared to global regulations such as GDPR, with more onus on businesses to fulfil privacy obligations.
• Personal Information: The report proposes changing the definition of personal information from "about" to "relates to" and introduces a spectrum of identifiability, broadening the scope of information covered. This aligns with other Commonwealth legislation and the GDPR's language. Additionally, inferred or generated information will be considered "collected" under the Privacy Act, which may have significant implications for many AI applications.
• De-identified data: The report proposes extending privacy obligations to cover de-identified datasets, including protecting against unauthorised access and ensuring overseas recipients comply with the regulations. The report also recommends prohibiting the re-identification of de-identified information and introducing a criminal offence for malicious re-identification that causes harm or illegitimate benefit.
• Targeting: The report proposes new definitions and regulations for targeting, which relates to the tailoring services, content, information, advertisements or offers provided to individuals. This includes prohibiting personal information, de-identified information, and internet tracking history for targeted advertising to children and sensitive information for targeted advertising to anyone. New transparency requirements will be in place for any permitted targeting, with individuals able to opt-out, drawing from regulations introduced by the European Commission in the Digital Services Act.

Feedback on the proposed changes to the Privacy Act is open to the public until 31 March 2023.

Compliance or Consequences: Why Prioritising Privacy is Key for Business Success

Businesses that fail to prepare for these changes risk failing to comply, which could significantly impact their operations. Not only could businesses face serious legal and financial consequences, but they could also lose customers' trust and suffer reputational damage.?

In contrast, businesses prioritising privacy and proactively adapting to these changes can build customer loyalty and differentiate themselves in a world where privacy is increasingly valued and protected.

3 Things you can do Today to Prepare for a Privacy-First Era

To be ready for the privacy-first era and any future regulation changes, businesses should stay informed of developments in the regulatory environment and prioritise privacy as a critical business objective. Three things you can start doing today to prepare are:

1. Conduct a comprehensive data audit: Identify all personal data collected and processed to determine necessary changes for compliance with proposed new regulations. This involves identifying the personal data your organisation collects, processes, and stores and understanding how that data is used and shared. This will help you determine what changes may be required to comply with new regulations.
2. Review privacy policies and notices: Transparent and clear privacy policies are not always common practices today. Businesses can start by reviewing and drafting updates to existing policies and notices. Updating these policies will be required to comply with amended regulations, but more importantly, it can help businesses build trust with customers by demonstrating their commitment to protecting personal information.
3. Take a proactive approach to protect any data coming in or out of your organisation: One of the highest-risk practices many businesses engage in is data sharing or transferring personal information to counterparties. This happens for various reasons, including operational, marketing or product fulfilment. Review existing data-sharing practices and processes, particularly sharing personal information with counterparties, is highly recommended.?

Secure your data sharing today with DataCo

We built the DataCo Secure Collaboration Platform specifically to meet the compliance needs of highly regulated industries, including banking. We now work with various industries, helping them gain a competitive edge by unlocking unique customer insights without compromising privacy.

By leveraging advanced data analytics tools, you'll better understand customer preferences, behaviours, and purchasing patterns – insights that can help you make smarter business decisions and grow your bottom line.

So if you're looking for a collaboration platform to help you and your partners work more efficiently and gain a competitive edge, look no further than the DataCo Secure Collaboration Platform. Get in touch today to learn more.