Effective March 12, 2014, Australia will adopt new legislation which will require compliance by Canadian businesses that have a website and collect personal information from Australians, or have an Australian link. Software developers and distributors will also need to ensure any applications used in Australia have built-in privacy protections, or alternatively, transparent disclosures. Cloud-based IT service providers need to be particularly vigilant and ensure specific consents are obtained before any data is transferred overseas within the cloud.

Businesses that collect or receive online personal information from individuals located in Australia, or outside Australia if that data is brought to Australia, must comply with the new legislation. It does not matter if the website is owned by a business that is located outside Australia or if the business is not incorporated in Australia. The definition of “personal information” is broad and will likely cover customer records and customer information databases.

Civil penalties of up to $1.7 million AUD for a corporation, $340,000 AUD for an individual, may be imposed for violations.

Businesses should consult with legal counsel about compliance, conduct internal privacy and anti-spam audits to ensure systems and procedures are in place, update their privacy policies and statements, review their direct marketing procedures, data collection processes, websites, distributed software or solutions, and provide staff training and guidelines.