AFSLs warned over increased scrutiny of privacy rules
AFSLs need to be prepared for enhanced compliance requirements and increased scrutiny as new privacy rules come into place.
The Attorney-General’s Privacy Act Review Report was released in February 2023 and proposed 116 amendments to the Privacy Act 1988 to align Australia more closely with global standards. In the Australian government’s response in September 2023, it agreed on 38 proposals and accepted 68 more in principle.
Agreed proposals include security and destruction of personal information, the personal information used in automated decision making, a tiered civil penalty system for privacy breaches including for licensees and advisers, and expanded powers for courts to issue a wider range of orders.
Legislative amendments are due to be introduced this year with further consultation to refine the agreed in-principle proposals. It is understood Treasury has not yet confirmed when the new rules will come into force.
This will impact licensees in terms of:
- Enhanced compliance requirements
- Increased regulatory scrutiny
- Operational adjustments
- Employee training and awareness
- Client communication and trust
Changes needed by licensees include updating privacy policies, reviewing existing documentation, and implementing technical measures around secure disposal of personal information. Not only will the disposal of personal information apply to clients but also to employee data that could affect how licensees store data and may necessitate updating employment contracts or data handling policies.
Regarding client data, licensees and advisers must be transparent with clients about how their data is stored and used, demonstrate a commitment to data protection, and obtain clear and informed consent from clients, among others.
If firms fail to put the appropriate measures in place, compliance firm Assured Support warned there will be greater penalties than before. Tiers of civil penalty provisions will be created, requiring entities to mitigate and redress foreseeable loss from privacy breaches, investigate the feasibility of an industry funding model for the OAIC, and grant the information commissioner power to undertake public inquiries.
“Enhanced investigative powers for the Office of the Australian Information Commissioner (OAIC) mean that licensees should prepare for more frequent and thorough audits. Regular internal reviews and compliance checks will be necessary to ensure adherence to new regulations,” it said.
The firm recommended that licensees start making changes by taking actions ahead of implementation such as reviewing privacy policies, engaging in industry consultation, educating staff, and monitoring regulatory developments.
It said: “The government’s response to the Privacy Act Review Report represents a significant step toward modernising Australia’s privacy laws. For AFS licensees and advisers, these changes will necessitate a thorough review of existing practices and the implementation of new compliance measures. By staying informed and proactive, businesses can navigate these changes effectively and ensure they protect their clients’ and employees’ personal information.”
AUTHOR
Laura Dew
Recommended for you
The decision whether to proceed with a $100 million settlement for members of the buyer of last resort class action against AMP has been decided in the Federal Court.
ASIC has released the percentage of candidates who passed its August financial advice exam with the volume dropping to the lowest since November 2022.
Clients are exhibiting multiple concerns on the intergenerational wealth transfer, making it imperative for advisers to address these fears through comprehensive strategies, Adviser Ratings explores.
ASIC has identified three situations where it may be difficult for a licensee to assess an adviser’s qualifications and provided case studies of how they should be tackled, as it undergoes a crackdown on FAR reporting.
