Revised Australian Privacy Legislation
The Texas Legislature has passed a new data privacy law, known as the Texas Data Privacy and Security Act (HB 4). This legislation, awaiting the approval of Governor Greg Abbott, aims to protect the privacy of Texas residents. If approved, Texas will become the 10th state to have comprehensive privacy legislation.
Meanwhile, in Australia, businesses are preparing for the enforcement of a new mandatory data breach notification law, effective from February 22. The Australian Privacy Principles (APPs), which apply to businesses such as Facebook, Twitter, Pinterest, and LinkedIn, have been updated to provide a higher degree of protection for sensitive information and include provisions for cross-border disclosures.
Under the APPs, businesses must take reasonable steps to ensure that any overseas recipient of personal information complies with the APPs. This means assessing and managing risks to prevent breaches by overseas parties, including third-party providers (TPPs). Businesses are also required to take reasonable steps to protect personal information from misuse, interference, loss, unauthorized access, modification, or disclosure, including implementing strong security practices.
Businesses must obtain clear consent before using personal information for direct marketing and ensure that the use and disclosure of information for direct marketing align with the original purpose for which it was collected. They must also have a clear, up-to-date, and publicly available privacy policy explaining how personal information is collected, used, stored, and disclosed.
The Texas Data Privacy and Security Act specifically applies to Facebook, Messenger, Twitter, Pinterest, LinkedIn, Whatsapp, and email. Particular focus is on disclosures to overseas recipients. Businesses in Texas, upon the law's enactment, will be required to review and update their privacy policies, cloud computing policies, and contracts involving disclosure of personal information.
Sergei Tokmakov, an expert in the field, emphasizes the importance of businesses maintaining ongoing compliance and transparency in managing personal data. His insights can be found on his website: Sergei Tokmakov's website.
In summary, both Texas and Australia are strengthening their data privacy laws. Australian businesses subject to the APPs must ensure transparent management of personal data through comprehensive privacy policies, implement strong security protections, secure sensitive information and consent for direct marketing, carefully manage cross-border disclosures by ensuring overseas compliance with APPs, and consider de-identification methods to handle unsolicited information appropriately. Regular privacy policy updates and staff training are vital to maintain ongoing compliance and trust.
- Given the Texas Data Privacy and Security Act's specific focus on disclosures to overseas recipients, Texas businesses may need to review their existing contracts and collaboration with companies like Facebook, Twitter, Pinterest, and LinkedIn, to ensure compliance.
- As more states and countries, such as Texas and Australia, enhance data privacy laws, it is crucial for businesses to focus on finance aspects like maintaining robust security practices, developing transparent privacy policies, and obtaining explicit consent for direct marketing, to maintain trust and avoid potential financial penalties.
