AFSLs warned over increased scrutiny of privacy rules
AFSLs need to be prepared for enhanced compliance requirements and increased scrutiny as new privacy rules come into place.
The Attorney-General’s Privacy Act Review Report was released in February 2023 and proposed 116 amendments to the Privacy Act 1988 to align Australia more closely with global standards. In the Australian government’s response in September 2023, it agreed on 38 proposals and accepted 68 more in principle.
Agreed proposals include security and destruction of personal information, the personal information used in automated decision making, a tiered civil penalty system for privacy breaches including for licensees and advisers, and expanded powers for courts to issue a wider range of orders.
Legislative amendments are due to be introduced this year with further consultation to refine the agreed in-principle proposals. It is understood Treasury has not yet confirmed when the new rules will come into force.
This will impact licensees in terms of:
- Enhanced compliance requirements
- Increased regulatory scrutiny
- Operational adjustments
- Employee training and awareness
- Client communication and trust
Changes needed by licensees include updating privacy policies, reviewing existing documentation, and implementing technical measures around secure disposal of personal information. Not only will the disposal of personal information apply to clients but also to employee data that could affect how licensees store data and may necessitate updating employment contracts or data handling policies.
Regarding client data, licensees and advisers must be transparent with clients about how their data is stored and used, demonstrate a commitment to data protection, and obtain clear and informed consent from clients, among others.
If firms fail to put the appropriate measures in place, compliance firm Assured Support warned there will be greater penalties than before. Tiers of civil penalty provisions will be created, requiring entities to mitigate and redress foreseeable loss from privacy breaches, investigate the feasibility of an industry funding model for the OAIC, and grant the information commissioner power to undertake public inquiries.
“Enhanced investigative powers for the Office of the Australian Information Commissioner (OAIC) mean that licensees should prepare for more frequent and thorough audits. Regular internal reviews and compliance checks will be necessary to ensure adherence to new regulations,” it said.
The firm recommended that licensees start making changes by taking actions ahead of implementation such as reviewing privacy policies, engaging in industry consultation, educating staff, and monitoring regulatory developments.
It said: “The government’s response to the Privacy Act Review Report represents a significant step toward modernising Australia’s privacy laws. For AFS licensees and advisers, these changes will necessitate a thorough review of existing practices and the implementation of new compliance measures. By staying informed and proactive, businesses can navigate these changes effectively and ensure they protect their clients’ and employees’ personal information.”
AUTHOR
Laura Dew
Recommended for you
A relevant provider has received a written direction from the Financial Services and Credit Panel after a superannuation rollover resulted in tax bill of over $200,000 for a client.
Estimates for the calendar year 2024 put the advice industry on track for a loss in adviser numbers as exits offset gains from new entrants.
Adviser Ratings shares five ways that financial advice changed in 2024 with an optimistic outlook for 2025, thanks to the Delivering Better Financial Outcomes legislation.
National advice firm Invest Blue has announced several acquisitions, including the purchase of an estate planning and wealth protection business Lambert Group.
