Amendments to Privacy Laws – Is your business compliant?

The Australian Privacy Principles

On 12 March 2014, the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) will come into effect. This amending Act drastically bolsters existing privacy protection measures offered to consumers and reflects increasing public concerns regarding the handling of personal information by businesses, particularly in the on-line environment.

The Act also introduces the “Australian Privacy Principles” (“the APPs”), which will replace the former “National Privacy Principles” and the “Information Privacy Principles” from 12 March 2014.

What Has Changed?

All businesses with an annual turnover exceeding $3 million that come into the possession of personal data, irrespective of how the personal information was obtained, must now have their own privacy policy. In order to comply with APP 1.4, this privacy policy needs to address, without limitation, the following matters:

  • the kinds of personal information that the business collects and holds;
  • how the business collects and holds personal information;
  • the purposes for which the business collects, holds, uses and discloses the personal information;
  • how an individual may access personal information about the individual that is held by the business and seek the correction of such information;
  • how an individual may complain about a breach of the Australian Privacy Principles, or a registered APP code (if any) that binds the business, and how the business will deal with such a complaint;
  • whether the business is likely to disclose personal information to overseas recipients; and
  • if the business is likely to disclose personal information to overseas recipients—the countries in which such recipients are likely to be located if it is practicable to specify those countries in the policy.

The privacy policy also needs to be readily accessible to clients and customers of the business.

Implications for You

If you operate a business that generates an annual turnover exceeding $3 million and which comes into the possession of personal data, the next few weeks represent an ideal opportunity for you to conduct a full audit of your business to ensure its compliance when the new Act takes effect from 12 March 2014.

In preparing your new privacy policy, regard needs to be had to the APPs. You should also ensure the revision of the policy is undertaken collaboratively with all members of your organisation who come into contact with personal information, given that these persons will fundamentally be responsible for your compliance with the policy as well as the APPs.

It is also a good idea to make your new policy available on your business’ website to ensure it is readily accessible to customers or clients in accordance with APP 1.5.

Given the new Act imposes fines for non-compliance of up to $1.7 million for agencies and companies and up to $340,000 for individuals, it is now non-negotiable for business owners to address the way in which they handle personal information and to implement strategies in their business operations to ensure ongoing compliance with the APPs.

At Sajen Legal we can assist you in preparing a privacy policy unique to your business which is compliant with the new regime, as well as providing professional advice regarding other aspects of the new privacy regime.

Please do not hesitate to contact me should you have any questions or queries regarding this post.


Liability Limited by a scheme approved under professional standards legislation