The Privacy Amendment (Enhancing Privacy Protection) Act 2012 was introduced to the Australian Parliament in May 2012 and was passed in November that year. The new act includes a set of harmonised privacy principles that regulate the handling of personal information by both Australian businesses and government agencies.

Unfortunately, these commendable changes introduce problems that reflect the ambiguity of the Sarbanes-Oxley (SOX) legislation in the U.S. Enacted in 2002, SOX enhanced standards for U.S. public company boards, management and public accounting firms, requiring top management to individually certify the accuracy of financial information and applying much more severe penalties for fraudulent financial activity. While SOX has raised the compliance bar for corporate reporting, it has had the unintended impact of creating a great deal of uncertainty because of its lack of precision. In fact, during the past decade, Sarbanes-Oxley compliance costs and complexity have run out of control in the U.S.

From March 2014, Australian organisations will face the same dilemma with the new Australian privacy law – they “must take reasonable steps” to demonstrate compliance with the new legislation without a clear understanding of exactly what is required. To comply with the new Australian Privacy Principles without onerous costs and complexity, both public and private sector organisations need to take special note of the key changes to the law and act now to prepare for March 2014.