Insurance intermediaries are still in “catch-up mode” 100 days after the introduction of new privacy laws, according to consultants Gold Seal.

The Privacy Amendment Act took effect on March 12 but most intermediaries left it late before “suddenly realising how much work complying entailed”.

Gold Seal says compliance is an ongoing process and particularly challenging for intermediaries.

Senior management must “be aware of all things privacy”, and sound risk management should be in place to deal with possible breaches.

“Focus should be placed not simply on what is done with the information, but how the business is disclosing this to people when collecting their personal information.”

Gold Seal says regulators have provided resources to help businesses, but prosecutions would provide clarity on interpretation and whether fines will approach the maximum penalties of $340,000 for individuals and $1.7 million for corporations.

MD Sheila Baker says cloud-based services will be a particular issue for companies.

“Using a locally hosted document management system would definitely help,” she said.

“But we think it will be really interesting how the regulators decide to deal with cloud-based services, particularly those where businesses have very limited control, such as LinkedIn and Gmail.”