Are you a public or private sector business dealing with customer information? Our law states that if you are, you must have a Privacy Officer.
In this blog, we detail this role, why having a Privacy Officer is essential and what their responsibilities are under the Privacy Act.
What is a Privacy Officer?
A Privacy Officer deals with all privacy-related matters, in addition to overseeing privacy law compliance.
Personal information is data that you use to identify your customers. For example, this includes:
- full names;
- email addresses;
- location data; and
- payment details.
You have specific requirements covering how you handle each aspect of personal data collection. A Privacy Officer makes sure you do this properly.
Privacy Officers can prevent or fix privacy issues before they become serious problems, saving you money or lost business.
If someone complains that your organisation has breached their privacy, your Privacy Officer can help resolve things quickly and effectively.
What are a Privacy Officer's duties?
The law imposes various duties on your Privacy Officer. For example:
- having a general understanding of the Privacy Act and its principles;
- ensuring your business complies with its privacy obligations;
- dealing with customer complaints about privacy breaches;
- handling customer information access requests relating to privacy;
- liaising with the Privacy Commission; and
- aiding the Privacy Commission in any investigations.
On top of these responsibilities, your Privacy Officer may do more general tasks that improve your business's privacy and security.
As a business, you are responsible for reporting any privacy breaches to the Privacy Commission. If you fail to do so, you could face a fine of up to $10,000 and other serious legal consequences depending on the nature of the breach.
Who should be a Privacy Officer?
Anyone can be a Privacy Officer. You can also have more than one depending on the size of your business.
In smaller organisations, the Manager is normally responsible for all legal compliance, including privacy.
Large organisations may need one or more employees focusing exclusively on privacy matters.
Whoever takes on the duties of a Privacy Officer, it’s important for managers to take their advice seriously.