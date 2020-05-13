A Melbourne lawyer is warning businesses to prepare for potential privacy issues that may already be arising from current remote working conditions.

Rigby Cooke Lawyers Senior Associate Emma Simpson said while business owners were currently focussed on doing what they could to remain afloat, a significant privacy breach could seriously impede their recovery.

“Many businesses are operating in survival mode and they may not be aware of the breaches which may currently be happening,” Ms Simpson said.

“Employees may not have thought very carefully about the privacy risks of their home-office set up – children using their devices, family members or visitors overhearing sensitive phone calls or misplaced documents due to the lack of proper storage to name a few.

“Employers are reliant on their staff ensuring the privacy and confidentiality of the information they have access to in their work.

“However, employers need to ask themselves if they have done what they can to ensure they have adequate policies and procedures in place, and their staff have been properly trained to know what it means for them.

“Do your staff understand what their obligations are under the business’ privacy policies and procedures in a remote working context?

“Ultimately, employers will bear the reputational costs of a Notifiable Data Breach, which by law must be reported to the Australian Information Commissioner and affected individuals.

“This reputational damage could prevent a business from fully recovering when the economy begins to open up again.”

Businesses with a turnover of $3 million or more, and some smaller businesses (including those which handle health and medical information), are required to comply with the Privacy Act 1988 (Cth) and the Australian Privacy Principles.

This requires businesses to maintain and enforce a Privacy Policy which addresses the specific practices of their business. Perhaps even more critical is having internal procedures and systems in place internally to ensure staff actually do what the policy says. Serious breaches of the act can result in fines of up to $2.1 million.

“Businesses should perhaps take the opportunity of a reduced workload to look at addressing their Privacy Policy and internal procedures and ensuring they are robust,” Ms Simpson said.

“In my experience, many businesses simply copy a Privacy Policy from the internet – an approach which means their policy will not address the specific needs of their business.