New changes to the Privacy Act 1988 (Privacy Act) come into effect in March this year. These changes may create new obligations for you, especially if your business (including not for profit organisations):
• has an annual turnover of more than $3 million
• is a health service provider
• buys and sells mailing lists
• provides services under a Commonwealth contract; or
• operates a residential tenancy database.
What are the privacy law changes?
The new changes to the Privacy Act have come about due to the Privacy Amendment (Enhancing Privacy Protection) Act 2012.
The key changes are:
1. the introduction of new data privacy laws and thirteen new Australian Privacy Principles (APPs)
2. greater powers of the Australian Information Commissioner
3. new laws on codes of practice about information privacy (APP codes)
What does it mean for you?
Several APPs are significantly different from the existing National Privacy Principles (NPPs) and create new obligations for businesses in terms of how they collect, use, disclose and store personal information about individuals, especially if they engage in direct marketing or transfer their customers’ information off-shore.
Importantly, the new APPs change the information that businesses must provide to their customers in privacy disclaimers, privacy policies and privacy statements. Penalties for serious or repeated breaches of the APPs include fines of up to $1.7 million for agencies and companies and $340,000 for individuals.
A new mandatory credit reporting privacy code (the CR code) developed by the Australian Retail Credit Association under the new Privacy Laws also takes effect from 12 March 2014. The CR code is registered with the Office of the Australian Information Commissioner and binds all credit reporting bodies, credit providers and affected information recipients.
Are your privacy documents up to date?
In light of the imminent changes to privacy laws, now would be a good time for businesses to update their privacy documentation, including privacy policies, privacy disclaimers and privacy provisions in contracts (especially contracts which involve cloud computing). To ensure compliance with the new APPs, such reviews and updates should be conducted prior to 12 March 2014.
ARETE Group has lawyers with expertise in privacy law. We would be pleased to assist with any privacy advice or services. Call us on 02 6162 1639, visit us at www.aretegroup.com.au, or email our privacy expert, Margaret Grant, at [email protected]