Some Australian businesses 'unlikely' to be ready for Privacy Act changes: survey

Some Australian IT professionals have admitted that their organisation won’t be prepared for the Privacy Act amendments which come into effect today, according to the results of a new survey.

Senetas (ASX: SEN) conducted phone interviews with 50 IT workers including CIOs, CTOs, security and network managers during January and February 2014.

Seventy four per cent of respondents said it was “highly unlikely” that their organisation would be ready for the amendments, while 15 per cent said that their company would be ready after reviewing their data security arrangements.

Less than 30 per cent of the respondents had detailed knowledge of the amendments or the new Australian Privacy Principles (APPs). In addition, 14 per cent of the IT professionals had sought legal advice about their potential liabilities under the new regulations.

• Cost of a Privacy Act breach could extend to ongoing audits: legal expert
• Top 4 data privacy tips
• New data privacy laws: What you need to do to comply

The report also found that for 90 per cent of respondents, data security planning is driven by commercial factors such as cost. In addition, 95 per cent said that any changes needed to minimise the risk of data breaches – and the potential fine of up to $1.7 million for companies –would be subject to budget and implementation time.

According to Senetas CEO Andrew Wilson, this approach to data security was “concerning” following a number of Australian and overseas data network breaches such as the Target United States breach in January 2014.

“Unless Australia adopts mandatory data breach notification, there is a risk that Australia’s sensitive information will be exposed and that collaboration with international markets seeking business partnerships with those that operate under similar jurisdiction,” he said in a statement.

The survey findings follow a similar report conducted by Clearswift in August 2013 with 200 Australian IT managers.

The Enemy Within report found 35 per cent of respondents did not know about the amendments to the Act, while 73 per cent indicated they were unaware of proposed mandatory data breach legislation. The Bill did not pass the senate before parliament rose prior to the September 2013 election and lapsed.

At the time, Australian Privacy Commissioner Timothy Pilgrim said he was working hard to produce more guidance to help organisations understand the revised obligations.

“The Office of the Australian Information Commissioner [OAIC] has provided comparison guides and checklists, as well as releasing guidance on the APPs,” he said.

“By March 2014, businesses will have had 15 months to prepare. The key concepts underpinning the Privacy Act are not new, the private sector have been working with them for over 12 years now."

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia