Are You Ready For The New Privacy Laws?
Privacy has become major concern in the digital world. In order to keep pace with rapid technological development, in December 2012 the Australian Government introduced the Privacy Amendment (Enhancing Privacy Protection) Act 2012 (Cth). This Act introduced a number of key changes to Australian privacy laws, which take effect from 12 March 2014.
What are the main changes?
The definition of personal information has been amended to include information about an individual who is ‘identified’ or ‘reasonably identifiable’. Significantly, this new definition contemplates the linking of information and/or data sets (held by one or multiple entities), which will render an individual identifiable or reasonably identifiable.
Image: g4ll4is
This Act also introduces the Australian Privacy Principles (APPs), a set of mandatory privacy principles which replace the National Privacy Principles and the Information Privacy Principles contained in the Privacy Act 1988 (Cth). The APPs apply to all organizations that collect personal information and have a minimum annual turnover of $3 million. The APPs relate to the collection, storage, security, use, disclosure, access and correction of personal information. Penalties for breach of the APPs can be up to $1.1 million.
What should I do?
To ensure that you and your clients are compliant with the new laws, you should:
- review and update your Privacy Policy to ensure that it is compliant with the new laws;
- review your practices and procedures for handling personal information and enquiries;
- prepare a collection statement for display at the time of collection of personal information, and ensure that it contains all the information required under the new rules;
- ensure you have an appropriate process for accessing and reviewing complaints; and
- ensure your staff are adequately trained.
The introduction of the APPs and changes to the Privacy Act will impact the way that your agency and clients collect, use and disclose personal information. It is expected that you and your clients will be fully compliant with the new obligations under the Privacy Act and you should therefore consider the changes you and your clients will need to make to comply by 12 March 2014.