DIGITAL CLIENT IDENTITY:
PROTECTING YOUR BUSINESS AND YOUR CUSTOMERS’ PRIVACY
TUESDAY 31ST JANUARY 2023 | 3PM
SOFITEL SYDNEY WENTWORTH PLUS WEBINAR ACCESS OPTION
Learn more about the Privacy Legislation Amendment and how to protect your business and your customers
SPEAKERS: Matt Huntington – Department of Home Affairs; Nathan Kerr – One Click Verify
Privacy Act changes raise the bar
Following the Privacy Legislation Amendment (Enforcement and Other Measures) Bill 2022, which was passed in Australia on December 12, 2022, businesses now face higher penalties for violating privacy laws.
The key changes to penalties:
- Maximum penalty increased to $2.5 million for individuals
- Companies can be fined an amount not exceeding the greater of:
  - $50 million
  - Three times the value of any benefit obtained from the violation, if it can be determined
  - 30% of the company’s adjusted turnover during the period of the violation, if the benefit cannot be determined
To minimize the data that businesses keep and reduce the risk of violating privacy laws, it is recommended that analogue businesses record the processes for identifying customers and the identifying information presented, but do not keep copies. For businesses that use a digital identity provider, it is recommended to keep a record of the result, such as the request date and transaction log, but ideally also the VRN.
Businesses that fall under the Australian Privacy Principles, Safeguards, Privacy Tax File Rule 2015, or GDPR should follow similar guidance. Analogue businesses should deidentify and destroy identification documents when they are no longer needed, and if transmitting these documents, do so through encrypted and secure channels. Companies should also ensure they are compliant with relevant standards, such as ISO 27001 or iRAP certification. By following these guidelines, businesses can ensure they are meeting their obligations and minimizing their risk of violating privacy laws.