On 12 March 2014, significant changes to the Privacy Act 1988 (Cth) commenced operation. The changes affect certain businesses and not-for-profit organisations, as well as some Government agencies, that collect, receive, hold, use and disclose personal information.
Changes to the Privacy Act include a set of thirteen new and harmonised Australian Privacy Principles (APPs) that now regulate the handling of personal information by certain government agencies and organisations. The APPs replace what used to be the National Privacy Principles and the Information Privacy Principles. These amendments were created to provide the individual with greater control over their personal information and the manner in which it is dealt with by businesses or Government agencies.
What is personal information?
Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable. Information is ‘personal’ regardless of whether the information or opinion is true or not, or whether it is recorded in a material form or not.
This includes contact details such as names and addresses, credit card history and other financial information, email addresses, photographs, service preferences etc.
Under the APPs, a higher standard of protection is afforded to ‘sensitive information’ which includes health related information, DNA and biometric data.
What does this mean for you?
Organisations and Government agencies that are bound by the APPs are now required to develop detailed privacy policies that are both clear and easily accessible.
These policies must contain information relating to the nature of personal information held by an organisation and its purposes, the manner in which this information is collected, how the information can be accessed, the frameworks in place for complaints to be lodged by clients in situations of breach of the APPs, as well as the likelihood of disclosure of personal information to overseas recipients.
A number of other key amendments have been made to the Privacy Act. These include:
- Enhanced power for the Australian Information Commissioner, particularly in relation to dealing with privacy breaches and seeking penalties. Breaches may attract penalties of up to $340,000 for individuals and $1,700,000 for bodies corporate. Further, the Commissioner can develop and register binding codes in relation to public privacy that are held to be in the ‘public interest’.
- Changes to credit reporting laws and the introduction of a more comprehensive credit reporting scheme.
- Creation of resources by the Office of the Australian Information Commissioner to assist businesses and agencies with implementing reform.
- Greater control over the disclosure of personal information overseas, including potential liability for businesses or agencies that fail to ensure that information disclosed overseas complies with the APPs.