Organisations risk being caught out if they don’t start acting now to update policies.
New privacy laws come into force on 13 March 2014. With less than a year to review their privacy policies and information systems to ensure ongoing compliance, businesses need to consider changes to any policies relating to the receipt of unsolicited information, direct marketing and the retention of personal information.
Companies need to have processes to deal with unsolicited information, for example, how to destroy or de-identify it if it could not have been lawfully collected.
Under the new laws, individuals can request that an organisation not disclose their personal information to facilitate direct marketing. So businesses need to review policies and practices to ensure compliance.
Finally, contractual arrangements with third parties involving the disclosure of personal information should also be reviewed, particularly in relation to direct marketing and cross-border transactions.