The privacy laws in Australia have been changed, with the introduction in March this year of the Australian Privacy Principals (APP’s). These have replaced the old National Privacy Principals (NPP’s) and Information Privacy Principals (IPP’s). This fact sheet contains important information about how these vital and wide reaching laws may affect you, your business and your family.

The purpose of the Privacy Amendment (Enhancing Privacy Protection) Act 2012 is to update the Privacy Act 1988 into the 21st Century. When the original legislation passed, online technology was virtually non-existent. Now, it is a completely different landscape where an individual’s private information can be collected and stored with the click of a button. These changes, which are the most extensive to be made to the Act since it was passed in 1988, will provide greater protection against the misuse and exploitation of this information.

Previously, private organisations were bound by the old NPP’s and Government organisations by the old IPP’s. Now, the new APP’s will govern both sets of organisations, which will be individually referred to as APP entities. For a private organisation to be considered an APP entity its annual turnover must exceed $3million. APP entities must ensure that they are completely familiar with the APP’s, how they differ from the old governing principals and change their policies and procedures accordingly.

Primarily, the new Principles will restrict what sort of information can be collected, how it can be used and with whom it may be shared. There will also be new consumer credit reporting reforms as well as new and increased powers for the Australian Information Commissioner, for example the ability to impose additional requirements on any one or collective group of APP entities, the ability to conduct privacy performance assessments and the power to make applications to the Federal Court for civil penalty orders.

The main changes that will come into effect with the APP’s are as follows:

  • Privacy Policy

Each APP Entity must have a clearly defined and prominently displayed Privacy Policy. The policy must cover what type of information is being collected, how it is being used and by whom. There must also be evidence of the practices and procedures that have been put in place by the entity to ensure compliance with the APP’s. This includes ensuring the online security systems are able to protect any information from “interference” e.g. computer attack. There will also be a general requirement for APP entities to obtain an individual’s consent before collecting any personal information.

  • Unsolicited Information

In an age where large amounts of information are transferred with the click of a single button, it is easy for some of that information to get lost and arrive in places where it wasn’t intended. As an APP entity, if you receive any of this unsolicited information, you will now be obligated to destroy it as soon as is practicable, provided that the information is not needed to carry out any of the entity’s functions.

  • Offshore Outsourcing

Where any entity discloses private information to an overseas recipient, it is encumbant upon the APP entity to ensure that all steps are taken to ensure the security of the information provided. This can be done by informing the individuals concerned about where their information is going to be sent, who will be privy to it, for what purpose and by getting the individual’s consent beforehand. In the event that the security of the information is corrupted by the offshore recipient, and the appropriate steps have not been taken, the APP entity can be held liable.

  • Direct Marketing

APP entities will generally be prohibited from using any personal information for direct marketing purposes. At the same time, any recipients of unsolicited direct marketing will now be able to get the organisation to tell them where they got their personal information.

  • Credit Reporting

The changes will also enable people to benefit from a more fair and thorough method of investigating people’s credit history, by allowing for the disclosure of “positive information” (e.g. repayment history). Individuals will also benefit from easier access to their personal information so that they can ensure there are no issues or errors.

  • Fines and Penalties

Along with the new investigatory powers provided to the Commissioner, significant monetary penalties can be imposed on entities found to be in breach of the guidelines. The maximum penalty that can be imposed on individuals has been increased to $340,000 while the maximum imposed on APP entities is now $1.7 million.

The pressing priority now for all APP Entities-in-waiting is to ensure they are compliant with the Reform Act changes. This includes:

– An audit on current privacy policy and procedures and how they should be altered;

– Obtaining independent legal advice about where your business currently stands; and

– Reviewing contracts and updating staff training and manuals.

If you would like any further information regarding the upcoming changes to Australia’s Privacy laws, please don’t hesitate to contact our office on 1800 000 993 or by email on