The Privacy Act 1988 (Cth) is Changing – Consider How Technology Can Be Used To Prepare

Posted: 13 November 2023

The Privacy Act 1988 (Cth) is undergoing a significant reform. Mark Dreyfus, the Attorney-General of Australia, stated, “Australia can no longer afford to have inadequate privacy protections.” The pressing need to overhaul this legislation has stemmed from the increase in cyber-attacks and data breaches affecting millions of Australian citizens.

Over half a decade, there has been a global shift in measures taken to protect an individual’s privacy and personal data, as shown through the European Union’s introduction of the General Data Protection Rights (GDPR) and California’s landmark law, the California Consumer Privacy Act of 2018. The Privacy Act 1988 (Cth) reforms are set to align with these privacy regulations.

In February 2023, the Privacy Act Review Report proposed 116 recommendations, and in September of 2023, the Attorney-General announced almost all will be adopted in 2024.

The momentum of these changes highlights the urgency for Australian businesses to proactively maintain their call recording storage requirements while adhering to privacy compliance concerns.

What are the changes your organisation needs to be aware of?

The future changes to the Privacy Act 1988 (Cth) are designed to lift and strengthen an individual’s privacy protections.

In response to the changing landscape of digital technologies, an expanded definition of ‘personal information’ will include cookie identifiers and IP addresses, where an individual may be ‘reasonably identifiable’ even if their name is not disclosed. The Act will have additional powers to hold businesses accountable for the proper management of the data collated by requiring data-gathering entities to obtain informed consent to collect a customer’s data.

The significant changes that are anticipated to be adopted include:

  • “Requiring entities to seek informed consent about handling personal information.”
  • “Making entities accountable for handling individual’s information, and enhancing requirements to keep information secure including destroying data when it is no longer needed.
  • “Providing entities with greater clarity on how to protect individual’s privacy, and simplifying their obligations when handling personal information on behalf of another entity.

The revised Act removes the small business exemption that implies if a business has an annual turnover of less than $3 million, they have no obligation to keep personal information secure or to notify affected people if there is a data breach.

What does the rapid evolution of privacy legislation mean for contact centres?

Contact centres can take a proactive approach to managing privacy concerns. A vital element of this is call recordings and customer data, where industries, including Financial Services, must also hold call recordings for seven years when an Australian Financial Services licensee provides personal advice to a retail client.   

What technology can be used to help manage compliance and privacy requirements?

Cloud contact centre software enables a business’s service representatives or sales teams to interact with customers across multiple channels, including Voice, Email, SMS, Web Chat and Social Media.

Using ipSCAPE’s cloud contact centre solution, your business will be able to benefit from:

The in-built call recording module Recording customer interactions is necessary for compliance when disclosing personal information. ipSCAPE’s call recording software can be activated per campaign, enabling your business to capture when customers provide informed consent, a legislative requirement when gathering personal information. Moreover, an agent can insert a ‘call tag’ on the interaction to improve operational efficiencies when reviewing previous conversations to signify when the customer provided informed consent. A call tag is an easily identifiable visual icon, and managers can click the tag to listen to that section of the recording. In doing so, managers can quickly locate a critical part of the call rather than spend time listening to the entire conversation.

The Quality Assurance (QA) tool The QA tool enables managers to conduct contact centre quality monitoring by evaluating agent interactions by creating a questionnaire. To indicate the agent’s performance, a score is produced on each interaction based on how well the questionnaire’s criteria were satisfied. This native contact centre tool is specifically helpful to ensure adherence to the proposed amendments of the Privacy Act 1988 (Cth) – managers can design the questionnaire to include the exact questions and keywords an agent must communicate on a call when requesting a customer’s informed consent for the business to obtain and handle their personal information. This practice can assist managers in taking proactive action if a concern arises from the QA score, such as providing tailored contact centre coaching to improve agent behaviour and ensure compliance is met.

Multi-channel communication capabilities A key amendment involves small businesses, regardless of their annual revenue turnover, to notify customers if they have been affected by a data breach. ipSCAPE’s cloud contact centre solution provides access to multiple communication channels on a single interface, so businesses have the communications tools necessary to reach and engage with customers quickly. Using ipSCAPE’s multi-channel software, managers can configure an outbound dialling campaign by uploading a list of all customers affected by a data breach. This process can be completed within minutes. Depending on your organisation’s preferences, digital channels such as email or SMS can be used to inform any customer involved.

ipSCAPE RAMP – The call recording storage solution your business needs to manage call recordings in a compliant manner

Future amendments to the Privacy Act 1988 (Cth) stipulates how organisations handle and store personal information. It also highlights how data needs to be destroyed when it is no longer required, which is in line with the requirements of GDPR. ipSCAPE RAMP is a cloud-based call recording storage solution that allows businesses to store, access and manage historical recordings from one centralised platform. The solution securely aggregates call recordings from multiple archives, enabling enterprises to migrate from one telephony or Contact Centre platform to another without concern for losing data.   

Built with specific GDPR functionality, managers can manually delete a recording, including all personally identifiable information and call metadata. However, the Interaction ID will remain to reflect a call occurred. Moreover, ipSCAPE RAMP enables managers to create deletion rules based on specific parameters, such as the year a recording appeared. This function automates destroying data when it is no longer required, preventing this information from being exposed if a privacy breach occurs.

With new requirements and an expanded definition of ‘personal information,’ the Privacy Act 1988 (Cth) will strengthen an individual’s privacy protection, which offers protection for customers in a data-driven world. To ensure adherence to these future regulatory obligations, your organisation should proactively implement technology such as ipSCAPE’s cloud contact centre software and ipSCAPE RAMP.

Would you like to learn more about how ipSCAPE’s technology can help your organisation manage these future regulatory requirements effectively? Contact ipSCAPE today to learn more about how our cloud contact centre software and advanced call recording storage solution, ipSCAPE RAMP, can help your organisation prepare accordingly by having the right technology in place to avoid non-compliance.

ipSCAPE is a feature-rich, scalable cloud communication technology solution with advanced integration capabilities. We help businesses connect with their customers through multi-channel communications, including Voice, Web Chat, Email, SMS, IVR and other emerging channels.