The Australian Government's reforms to the Privacy Act 1988 introduce new rights for individuals, tighter data handling obligations for businesses, and increased penalties for non-compliance. For mortgage brokers who collect sensitive financial and personal information daily, these reforms have direct implications for how your CRM stores, processes, and protects client data.
Key reforms affecting brokers
- Right to erasure, clients can request deletion of their personal data
- Mandatory data breach notification within 72 hours
- Strengthened consent requirements for data collection and use
- Higher penalties for privacy breaches (up to $50 million or 30% of turnover)
- New obligations for automated decision-making transparency
CRM readiness checklist
Your CRM must support: data export on client request (portability), data deletion workflows that respect retention obligations (NCCP requires 7-year retention, so deletion requests need careful handling), consent tracking with timestamps, and breach notification workflows. If your CRM can't demonstrate these capabilities, you're exposed under the new penalties.
Balancing privacy with compliance retention
The tension between 'right to erasure' and NCCP's 7-year retention requirement is real. Brokers can't simply delete all client data on request, they have a legal obligation to retain records of credit assistance. The solution is selective deletion: remove marketing-related data and communication preferences immediately, while retaining compliance-mandated records with clear legal basis documentation.
Frequently asked questions
Can a client force me to delete all their data?
What are the penalties for privacy breaches under the reforms?
Does my CRM need to support data portability?
Ready to see it in action?
CRMandGo is built for Australian brokers. Start your free trial, no credit card, no lock-in.
Start free trial