While many brokers are still confused about where the upcoming privacy law changes will leave them, one expert has claimed the changes are a lot of fuss about nothing.
QED Risk Services director Greg Ashe says the changes are, essentially, minimal over and above the existing legislation.
“For the most part, the new Australian Privacy Principles are a sharper restatement of the existing National Privacy Principles. I know there are significant technical changes, but this is lawyers-at-ten-paces stuff, not the sort of thing for the average broker to worry about if they’re getting their compliance right.
“It’s not that hard and everyone just needs to take a Panadol and lie down.”
While Ashe admits the requirement to have a privacy policy may affect some brokers, he says the majority of brokers should already have one in place.
“Sure – this specific requirement is new, but it was implied before anyway for all businesses. And if you’re a credit licensee, then you have to have a compliance programme and a proper compliance programme should cover all laws, including privacy!”
Under the new legislation, brokers are also not permitted to access credit information on their clients, says Ashe.
However there is provision for brokers to obtain credit bureau reports when acting as an agent for the consumer.
“Again – where is the change here? QED has been questioning brokers for years as to why they would get yet another sign-off from the client,” said Ashe.
“We hear brokers talk about the ‘compliance burden’ all the time so why make it worse? We get that some brokers want to get bureau reports to improve their knowledge of the client and that’s different.
“But unless you’re doing that, all you need to do is give the client your privacy disclosure telling them how you’re going to deal with their information. Getting signed consents is just over-complicating things.”
The final point that could interest brokers is the changes to cross-border information exchange, says Ashe.
Where the existing legislation covers transfer of data, the new legislation only concerns itself with disclosure, meaning that the mere storage of data offshore is not captured.
“This is actually good news for brokers using cloud services such as Dropbox and Salesforce,” says Ashe.
“QED Risk Services has said for many years that there was a huge gap between the Privacy legislation and what the business community actually does. The changes here are subtle but important and have finally come to the aid of the Australian business community.”
In summary, Ashe said there is no need for brokers to get too worked up about the changes.
“Keep handing out your privacy disclosure to clients, follow the methods contained in that disclosure and make sure your compliance programme is testing you on the use of those methods.”