Aussie firms unprepared for Privacy Act changes

Up to three in five Australian organisations are unprepared for changes to the Privacy Act coming into effect this month, leaving themselves liable to fines and penalties, a new report asserts.

The report from Galaxy Research, commissioned by Iron Mountain, shows that as of December less than one fifth of organisations had taken any action to prepare for the Privacy Amendment Act.

A survey of 101 Australian executives in charge of their companies' information security also suggests that only 54% of organisations have evaluated the law's impact on their business, and 17% were completely unaware of the amendment.

The amendment takes effect on 12 March. It will require organisations to have compliant privacy policies and procedures, specific to the company, in place by this time. The amendment also classifies a wider range of information as personal information.

Organisations deemed to not be in compliant with the new regulations face penalties as high as $1.7 million.

The survey also shows that more than 70% of respondents believe that the risks associated with the management of information are greater than ever.

Organisations with an information risk officer are on average twice as likely to be in the process of making changes to comply with the new amendment than those who don’t. They are also twice as likely to be aware of the draft legislation covering mandatory data breach notification.

“Many of the findings of the study confirm what we have suspected to be the case for some time,” Iron Mountain Australia managing director Greg Lever said. “While organisations are coming to recognise the importance of information as a source of competitive advantage, too many are either unaware or simply not ready for the challenges of today’s information landscape.”

Image courtesy of g4ll4is under CC