AFSLs warned over increased scrutiny of privacy rules
AFSLs need to be prepared for enhanced compliance requirements and increased scrutiny as new privacy rules come into place.
The Attorney-General’s Privacy Act Review Report was released in February 2023 and proposed 116 amendments to the Privacy Act 1988 to align Australia more closely with global standards. In the Australian government’s response in September 2023, it agreed on 38 proposals and accepted 68 more in principle.
Agreed proposals include security and destruction of personal information, the personal information used in automated decision making, a tiered civil penalty system for privacy breaches including for licensees and advisers, and expanded powers for courts to issue a wider range of orders.
Legislative amendments are due to be introduced this year with further consultation to refine the agreed in-principle proposals. It is understood Treasury has not yet confirmed when the new rules will come into force.
This will impact licensees in terms of:
- Enhanced compliance requirements
- Increased regulatory scrutiny
- Operational adjustments
- Employee training and awareness
- Client communication and trust
Changes needed by licensees include updating privacy policies, reviewing existing documentation, and implementing technical measures around secure disposal of personal information. Not only will the disposal of personal information apply to clients but also to employee data that could affect how licensees store data and may necessitate updating employment contracts or data handling policies.
Regarding client data, licensees and advisers must be transparent with clients about how their data is stored and used, demonstrate a commitment to data protection, and obtain clear and informed consent from clients, among others.
If firms fail to put the appropriate measures in place, compliance firm Assured Support warned there will be greater penalties than before. Tiers of civil penalty provisions will be created, requiring entities to mitigate and redress foreseeable loss from privacy breaches, investigate the feasibility of an industry funding model for the OAIC, and grant the information commissioner power to undertake public inquiries.
“Enhanced investigative powers for the Office of the Australian Information Commissioner (OAIC) mean that licensees should prepare for more frequent and thorough audits. Regular internal reviews and compliance checks will be necessary to ensure adherence to new regulations,” it said.
The firm recommended that licensees start making changes by taking actions ahead of implementation such as reviewing privacy policies, engaging in industry consultation, educating staff, and monitoring regulatory developments.
It said: “The government’s response to the Privacy Act Review Report represents a significant step toward modernising Australia’s privacy laws. For AFS licensees and advisers, these changes will necessitate a thorough review of existing practices and the implementation of new compliance measures. By staying informed and proactive, businesses can navigate these changes effectively and ensure they protect their clients’ and employees’ personal information.”
AUTHOR
Laura Dew
Recommended for you
Sequoia Financial Group has declined by five financial advisers in the past week, four of whom have opened up a new AFSL, according to Wealth Data.
Insignia Financial chief executive Scott Hartley has detailed whether the firm will be selecting an exclusive bidder for the second phase of due diligence as it awaits revised bids from three private equity players.
Insignia Financial has reported a statutory net loss after tax of $17 million in its first half results, although the firm has noted cost optimisation means this is an improvement from a $50 million loss last year.
With alternative funds being described as “impossible” for fund managers to target towards advisers without the support of BDMs for education, Money Management explores the evolving nature of the distribution role.
