Privacy laws catch Australian firms on the hop

More than three out of five Australian organisations appear to be unprepared for the Privacy Amendment Act (PAA), according to a new study from storage and information management company Iron Mountain. This lack of preparedness may leave organisations vulnerable to new fines and penalties when the changes take effect on March 12. 

Galaxy Research asked more than 100 information security managers at medium to large Australian organisations about their state of preparedness for the new privacy regime.

It found the majority of organisations are unprepared for the changes to the Act, with 46 percent not having evaluated the law’s impact on their business, and 17 percent completely unaware of it.

  1. As of December 2013, more than three out of five organisations surveyed had not yet commenced any activity to prepare for the new legislation, effective 12 March.
  2. Seventeen percent of organisations have experienced a material information mishap - either loss or disclosure, from accidental or malicious means - in the year prior to December 2013.
  3. More than 70 percent of organisations believe that the risks associated with management of information are greater than ever.

“Perhaps the most interesting finding is the evolution of the information risk officer role within Australian organisations,” said Greg Lever, managing director, Iron Mountain Australia. “Just a few short years ago, information was barely part of the risk manager’s portfolio. Now, it has become a standalone role in many companies, demonstrating just how crucial information management has become.”

Organisations that have an information risk officer are, on average, twice as likely as others to do the following: 

  1. Be in the process of making changes to comply with the PAA
  2. Be familiar with the draft Mandatory Breach Notification legislation
  3. Ensure that information security is ingrained in every employee through training
  4. Have ISO 27000 accreditation 

“Many of the findings of the study confirm what we have suspected to be the case for some time,” Lever said. “While organisations are coming to recognise the importance of information as a source of competitive advantage, too many are either unaware or simply not ready for the challenges of today’s information landscape.”

Iron Mountain has also released a Quick Guide to the Australian Privacy Principles in partnership with global legal firm K&L Gates. The guide provides advice to assist businesses to better understand the new regulations. 

“The Information Commissioner has signalled his intention to actively enforce the new Privacy Regime from the 12th of March, so it would be wise for all affected businesses to take steps to ensure they understand and comply with the APPs,” said Andrea Beatty, partner, K&L Gates.

Increasingly, many organisations see information, and the way it is handled, as their competitive advantage. In parallel with the proliferation of information, regulators have become more involved in the way organisations store and handle this information, and as a result, the risks to Australian organisations associated with the management of information are now greater than ever. The full report is available HERE