Amendments to Privacy Laws – Is your business compliant?

View All Articles

The Australian Privacy Principles

On 12 March 2014, the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth) will come into effect. This amending Act drastically bolsters existing privacy protection measures offered to consumers and reflects increasing public concerns regarding the handling of personal information by businesses, particularly in the online environment.

The Act also introduces the “Australian Privacy Principles” (“the APPs”) which will replace the former “National Privacy Principles” and the “Information Privacy Principles” from 12 March 2014.

What has changed with the privacy laws?

All businesses with an annual turnover exceeding $3 Million and who come into the possession of personal data, irrespective as to how the personal information was obtained, must now have their own privacy policy. In order to comply with APP 1.4, this privacy policy needs to address, without limitation, the following matters:

  • the kinds of personal information that the business collects and holds;
  • how the business collects and holds personal information;
  • the purposes for which the business collects, holds, uses and discloses the personal information;
  • how an individual may access personal information about the individual that is held by the business and seek the correction of such information;
  • how an individual may complain about a breach of the Australian Privacy Principles, or a registered APP code (if any) that binds the business, and how the business will deal with such a complaint;
  • whether the business is likely to disclose personal information to overseas recipients; and
  • if the business is likely to disclose personal information to overseas recipients—the countries in which such recipients are likely to be located if it is practicable to specify those countries in the policy.

The privacy policy also needs to be readily accessible to clients and customers of the business.

Implications for you

If you operate a business that generates an annual turnover exceeding $3 Million and which comes into the possession of personal data, the next few weeks represent an ideal opportunity for you to conduct a full audit of your business to ensure its compliance when the new Act takes effect from 12 March 2014.

In preparing your new privacy policy regard needs to be taken to the APP’s. You should also ensure the revision of the policy is undertaken in a collaborative manner with all members of your organisation who come into contact with personal information, given fundamentally these persons will be responsible for your compliance with the policy as well as the APP’s.
It is also a good idea to make your new policy available on your business’ website to ensure it is readily accessible to customers or clients in accordance with APP 1.5.

Given the new Act imposes fines for non-compliance of up to $1.7 million for agencies and companies and up to $340,000 for individuals, it is now really non-negotiable for business owners to address the way in which they handle personal information and to implement strategies into their business operations to ensure ongoing compliance with the APP’s.

At FC Lawyers we can assist you in preparing a privacy policy unique to your business which is compliant with the new regime, as well as providing professional advice regarding other aspects of the new privacy regime.

Please do not hesitate to contact me should you have any questions or queries regarding the amendments to privacy laws or any privacy laws issues.

The information provided in this article is for general information and educative purposes in summary form on legal topics which is current at the time it is published. The content does not constitute legal advice or recommendations and should not be relied upon as such. Whilst every care has been taken in the preparation of this article, FC Lawyers cannot accept responsibility for any errors, including those caused by negligence, in the material. We make no representations, statements or warranties about the accuracy or completeness of the information and you should not rely on it. You are advised to make your own independent inquiries regarding the accuracy of any information provided on this website. FC Lawyers does not guarantee, and accepts no legal responsibility whatsoever arising from or in connection to the accuracy, reliability, currency, correctness or completeness of any material contained in this article. Links to third party websites or articles does not constitute any endorsement or approval of those sites or the owners of those sites. Nothing in this article should be construed as granting any licence or right for you to use that content. You should consult the third party’s terms and conditions of use in relation to any third-party content. FC Lawyers disclaims all responsibility and all liability (including liability for negligence) for all expenses, losses, damages and costs you might incur as a result of the information being inaccurate or incomplete in any way. Appropriate legal advice should always be obtained in actual situations.