The Privacy Amendment Act 2000 was passed by the Senate on December 6, 2000 -- giving companies 12 months to get ready for the new scheme.
The key things companies need to be wary of, according to executive director of the Australian Privacy Compliance Centre, Mark Sumich, is collecting more information than is necessary, not having a practical IT system in place to gain access to that data, and not having sufficient security for storage of that data.
According to the office of the Federal Privacy Commissioner, Malcolm Crompton: -it's very difficult for us to judge at this stage" how many businesses comply with the country's privacy laws.
Preliminary research, to be released in July, suggests that medium to small businesses are the ones not on top of it, according to the Commissioner's office, although -it's not a huge number...our statistics are not showing that many are unprepared".
The research shows good signs that businesses are starting to work towards meeting their new responsibilities, Crompton said.
"More than a third of respondents indicated that they had allocated responsibility for privacy matters within their organisation, and were aware that their industry association had privacy guidelines in place."
However, Sumich is not so optimistic.
-Not very many [businesses] are compliant," he insisted.
-The penny is starting to drop...but there are too many companies still at first base," Sumich added.
-There are a lot that won't be ready by the December 21 deadline."
Sumich said that what concerns him most is the number of businesses that are not even aware of what the requirements are.
The Privacy Commissioner agrees that business's knowledge base is low. "Understandably, business is showing some concern that they are not in a position to meet their new responsibilities," he said.
Only one in ten respondents indicated that they felt they had sufficient information available to prepare for their new responsibilities, according to the Commissioner.
"This Office will be working hard to get information out into the business community to assist organisations in meeting their new responsibilities," Crompton said.
The Commissioner's office claims that guidelines released on its Web site www.privacy.gov.au at the end of March and again at the end of June have had in excess of 50,000 hits during the two to three month period -- implying that businesses are at least trying to suss out what they have to do.
Whilst the Commissioner doesn't have the power to impose fines for non-compliance, he can take remedial action, including forcing the company to pay compensation to customers or employees whose privacy has been breached.
There's no limit on the amount of compensation payable and it can be enforced by the Federal Court, Crompton's office confirmed.
Sumich also said that a -good company" should be up-front about its surveillance of employees' Internet use.
My guess is, Most small to medium companies won't do anything to comply until the Commissioner twists their arm(in $$$ terms) up their backs. A clear indication is the current poll. 95% don't even know about it!!