New privacy laws a hassle for printers

Printers have expressed dismay about again having to review their privacy procedures after updates to the privacy act came into effect last week.

Wayne Godsell, managing director of Frontline Printing, says, “I’d prefer not to bother with it. It doesn’t make anything easier for businesses and creates more work. It’s a bloody hassle.”

The updated laws create 13 privacy principles that must be adhered to in how firms store, access and use personal data they collect from customers and employees. Breaches can result in fines of up to $1.7m.

The revisions mean that collection of personal information must be “reasonably necessary” for the organisation’s functions or activities; it must be accurate and kept up to date; it may only be used for the purpose for which it was collected, is connected with the purpose for which it was collected, or if the individual agrees to an alternate use; must be stored securely and access limited only to those who need it; and destroyed when no longer required.

Businesses must also maintain a privacy policy that lays out the type, method and purpose for which information is collected and held; the mechanism for privacy complaints; and whether personal information is disclosed overseas and to whom. This should also be communicated to anyone whose information has been collected as soon as reasonably practicable in the form of a privacy statement.

Printers who use cloud storage for personal information may also need to significantly review their providers, as businesses are now open to an increased risk of liability when transferring data overseas, where security standards may be unacceptably lax.

Peter Karcher, partner at ClarkeKaan lawyers and privacy law specialist, says previous laws allowed businesses to transfer information overseas if they had taken steps to determine the recipient would use it in accordance with Australian law but, under the new laws, “a privacy breach by the overseas recipient can be deemed to be a breach by the Australian business.”

He says, “Not only will this require businesses to scrutinise the consent provisions of their privacy policies, it also warrants careful consideration of contracts with out-sourced IT service providers and cloud computing services.”

Printing Industries Association of Australia workplace relations and legal general manager Charles Watson says printers should, when possible, try to use cloud services based in Australia to avoid this issue.

The area with the most pitfalls for printers is in direct marketing, with new laws prohibiting the use or disclosure of personal information for direct marketing purposes unless the individual agrees to it, can reasonably expect their information to be used for direct marketing purposes and is given an opportunity to opt out.

Watson says this will mostly affect printers who deliver direct mail they have printed on a client’s behalf if the client has acted improperly. He suggests printers seek written assurances from clients that the information has been obtained, and is being used, in compliance with the law.

He says, “You need to make sure clients are doing the right thing. Most of our members already have something in place, but this is a good opportunity to assess the risk and what policies and procedures need to be updated.”

Godsell says he was unaware of the privacy laws coming into force, but that Frontline Printing has customers encrypt all their personal data with a key that only he and his production manager can use to access it, and that the data is stored on a separate part of his server.

Four weeks after a job is completed the data is destroyed and clients must re-send it for future jobs. He says, “It’s difficult with only two people allowed to access it, and the deletions are annoying and time consuming.

“Can they make it any harder?”

Mark James, managing director of print management company GJI, says many printer clients have poor data policies and the new laws will force them to develop better ones, ultimately leading to better communication between clients and printers on privacy matters.

However, he is concerned print volumes will suffer because direct mail recipients must be given a clearer method of opting out.

A survey by debtor finance company Bibby Financial Services and research firm CoreData found 37 per cent of Australian small and medium businesses, the vast majority of the 859 surveyed, were, like Godsell, unaware of the changes and 40 per cent thought they would not affect their business; 16 per cent said they did not plan to make any changes.

Watson says right now the government is focused on educating businesses but after a year they may start snap inspections to check compliance. He says, “The privacy office has been looking to flex its muscles so they will take people to task, especially for blatant breaches.”

The PIAA says member guidelines and checklists have been provided at no cost to all members and recognising that one size fits all policies will not suit every organisation’s needs, their national office network is able to provide individual support to member companies in all states that are affected.

If you are not a PIAA member, call 1800 227 425 to inquire about membership.

Comment below to have your say on this story.

If you have a news story or tip-off, get in touch at editorial@sprinter.com.au.  

Sign up to the Sprinter newsletter

Leave a comment:

Your email address will not be published. All fields are required

Advertisement

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates from our team.
Advertisement