AFSLs warned over increased scrutiny of privacy rules
AFSLs need to be prepared for enhanced compliance requirements and increased scrutiny as new privacy rules come into place.
The Attorney-General’s Privacy Act Review Report was released in February 2023 and proposed 116 amendments to the Privacy Act 1988 to align Australia more closely with global standards. In the Australian government’s response in September 2023, it agreed on 38 proposals and accepted 68 more in principle.
Agreed proposals include security and destruction of personal information, the personal information used in automated decision making, a tiered civil penalty system for privacy breaches including for licensees and advisers, and expanded powers for courts to issue a wider range of orders.
Legislative amendments are due to be introduced this year with further consultation to refine the agreed in-principle proposals. It is understood Treasury has not yet confirmed when the new rules will come into force.
This will impact licensees in terms of:
- Enhanced compliance requirements
- Increased regulatory scrutiny
- Operational adjustments
- Employee training and awareness
- Client communication and trust
Changes needed by licensees include updating privacy policies, reviewing existing documentation, and implementing technical measures around secure disposal of personal information. Not only will the disposal of personal information apply to clients but also to employee data that could affect how licensees store data and may necessitate updating employment contracts or data handling policies.
Regarding client data, licensees and advisers must be transparent with clients about how their data is stored and used, demonstrate a commitment to data protection, and obtain clear and informed consent from clients, among others.
If firms fail to put the appropriate measures in place, compliance firm Assured Support warned there will be greater penalties than before. Tiers of civil penalty provisions will be created, requiring entities to mitigate and redress foreseeable loss from privacy breaches, investigate the feasibility of an industry funding model for the OAIC, and grant the information commissioner power to undertake public inquiries.
“Enhanced investigative powers for the Office of the Australian Information Commissioner (OAIC) mean that licensees should prepare for more frequent and thorough audits. Regular internal reviews and compliance checks will be necessary to ensure adherence to new regulations,” it said.
The firm recommended that licensees start making changes by taking actions ahead of implementation such as reviewing privacy policies, engaging in industry consultation, educating staff, and monitoring regulatory developments.
It said: “The government’s response to the Privacy Act Review Report represents a significant step toward modernising Australia’s privacy laws. For AFS licensees and advisers, these changes will necessitate a thorough review of existing practices and the implementation of new compliance measures. By staying informed and proactive, businesses can navigate these changes effectively and ensure they protect their clients’ and employees’ personal information.”
AUTHOR
Laura Dew
Recommended for you
Insignia Financial has announced a board director will be stepping down next year after almost a decade amid a board refresh.
Zenith Investment Partners has appointed a Brisbane-based business development manager, who previously led Fitzpatrick Private Wealth Partners as a director and senior adviser.
Praemium has said it is open to investing in artificial intelligence “in a big way” as it believes it can transform the business and details how it is already being used by the firm.
Sequoia has shared its strategic initiatives for FY25, including organically increasing its licensee market share and restructuring its specialist investment arm.
