LawTalk Blog

Australian Privacy Laws tightening up

personal injury and privacy laws

The new Australian Privacy Principles (APPs) together with a number of important amendments to the Privacy Act 1988 (Commonwealth) come into effect from 12 March 2014.  The changes add to the management of personal information obtained about individuals as well as providing for significant penalties for non compliance.  The aim is to require agencies and private sector organisations to be increasingly open and transparent in their management of personal information.

It will affect the following organisations:

  1. Individuals, companies, partnerships and unincorporated associations with an annual turnover of $3,000,000.00 or more; and
  2. Agencies - for example, a State department or bodies established or appointed for a purpose under the Commonwealth legislation.

Failure to comply may result in a Court Order against an entity with a fine up to $1,700,000.00 or $340,000.00 for individuals.

What are the compliance requirements for the new Australian Privacy Principles?

Compliance with APPs requires more than just having a privacy policy in place.  The organisation must have appropriate procedures to manage personal information about individuals.  These must be compliant with the APPs and must be actioned by the organisation on a day to day basis.  Important matters to note in relation to compliance are:

  1. The requirement for disclosure of personal information to overseas recipients.  In these circumstances the entity or organisation must take reasonable steps to ensure that the overseas recipient does not breach the APPs in relation to the personal information disclosed.  It is wise to enquire who actually will store or "hold" the information and this is especially important with the development of virtual storage (stored in the cloud) capacities of the internet;
  2. In relation to the collection of unsolicited information (that is information not requested but provided nonetheless), to be compliant the organisation should implement a policy for dealing with unsolicited personal information received.  A procedure should provide for the collection of unsolicited information in a way that is de-identified and destroyed if it is lawful to do so;
  3. A review of privacy policies currently in existence is encouraged in order to ensure that they are easy to read and freely accessible.  This includes being accessible on the organisation's website, in plain English and in a format that can be downloaded by those who wish to read it.

Andersons Solicitors can help prepare a privacy policy for your organisation which is compliant and can advise on implementation procedures if required.

Please note, this Blog is posted in Adelaide, South Australia by Andersons Solicitors. It relates to Australian Federal legislation. Andersons Solicitors is a medium sized law firm servicing metropolitan Adelaide and regional South Australia across all areas of law for individuals and businesses.

Contact Us

For enquiries, please fill in the following contact form