Three in five Australian companies are unprepared for the Privacy Amendment Act (PAA) according to a report commissioned by Iron Mountain.

The information management services company tasked Galaxy research to investigate the preparedness of Australian business for the implementation on March 13 2014.

Learn how smart CIOs are protecting customers from security breaches

Iron Mountain said the report showed 17 per cent of companies were completely unaware of the impending changes to the nation's privacy laws.

This is a troubling statistic considering Privacy Commissioner, Tim Pilgrim, has made it clear there will be no grace given to organisations who are found to be in breach of the new regulations.

Fines of up to $1.7 million could be imposed on companies that fail to comply with new Australian Privacy Principles (APP) that accompany the first major change to the law in over 25 years.

The APP is a set of principles that will cover public and private institutions when the amendments to the privacy act come into effect on March 12 2014.

As of December 2013, over three in five Australian companies had not begun to prepare for the introduction of the new laws and principles according to the study.

Iron Mountain managing director, Greg Lever, said one of the most interesting findings in the report is the evolution of the information risk officer role.

He said in the past few years the role has become an integral part of operations at many companies.

According to Lever, organisations that employ an information risk officer are more likely to be in the process of making changes to comply with the PAA, be familiar with the draft mandatory breach notification legislation, ensure information security is integrated through training and have an ISO 27000 accreditation.

"Many of the findings of the study confirm what we have suspected to be the case for some time," Lever said. "While organisations are coming to recognise the importance of information as a source of competitive advantage, too many are either unaware or simply not ready for the challenges of today's information landscape."