The new Australian Privacy Principles (APPs), together with a number of important amendments to the Privacy Act 1988 (Commonwealth), come into effect from 12 March 2014. The changes add requirements for the management of personal information obtained about individuals and provide for significant penalties for non-compliance. The aim is to require agencies and private sector organisations to be increasingly open and transparent in their management of personal information.
It will affect the following organisations:
- Individuals, companies, partnerships and unincorporated associations with an annual turnover of $3,000,000.00 or more; and
- Agencies - for example, a State department or bodies established or appointed for a purpose under the Commonwealth legislation.
Failure to comply may result in a court order imposing a fine of up to $1,700,000.00 on an entity, or up to $340,000.00 on an individual.
What are the compliance requirements for the new Australian Privacy Principles?
- Disclosure of personal information to overseas recipients. In these circumstances the entity or organisation must take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to the personal information disclosed. It is wise to enquire who will actually store or "hold" the information; this is especially important given the development of virtual storage (storage in the cloud) on the internet;
- Collection of unsolicited information (that is, information not requested but provided nonetheless). To be compliant, the organisation should implement a policy for dealing with unsolicited personal information it receives. The procedure should provide for unsolicited information that is collected to be de-identified and destroyed if it is lawful to do so;
- A review of privacy policies currently in existence is encouraged in order to ensure that they are easy to read and freely accessible. This includes being accessible on the organisation's website, in plain English and in a format that can be downloaded by those who wish to read it.