Changes to privacy laws in Australia will come into force from
12 March 2014. The Privacy Amendment (Enhancing Privacy Protection)
Act 2012 (Cth) (the "Act") amends the current Privacy Act
1988 and will aim to increase privacy protection by providing
greater access to personal information to individuals and
strengthening obligations on entities collecting personal
A single set of new privacy principles, the Australian Privacy
Principles ("APPs"), will apply both to Commonwealth
agencies and private sector organisations and will replace the
Information Privacy Principles ("IPPs") and the National
Privacy Principles ("NPPs") that currently govern the
public and private sectors respectively.
The APPs contain some significant changes including:
Requirement for organisations to demonstrate that steps (such
as implementing practices, procedures and systems) are being taken
to comply with the new principles
Increased obligations to inform individuals about their
personal information including details about the countries to which
their personal information might be transferred, their rights of
access to their personal information and the complaint processes
available to them
Provisions governing the use of personal information for direct
Greater accountability for organisations sending personal
information to overseas recipients.
Changes to Credit Reporting Laws
The Act will also introduce changes to credit reporting laws
the introduction of more comprehensive credit reporting, with
the ability to report on an individual's current credit
commitments and their repayment history information over the
previous two years
a simplified and enhanced correction and complaints
a prohibition on the reporting of credit related information
a prohibition on the reporting of defaults of less than
the introduction of specific rules to deal with pre-screening
of credit offers
the introduction of specific provisions that allow an
individual to freeze access to their credit related personal
information in cases of suspected identity theft or fraud
the introduction of civil penalties for breaches of certain
credit reporting provisions.
What are my next steps?
The maximum penalty for a serious or repeated breach of privacy
will be $340,000 for individuals and $1.7 million for entities.
To ensure that your organisation does not breach the Act you
should consider having reviewed and updated any customer marketing
material, privacy policies and procedures, website and social media
material, and other documents involving personal information.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Those types of personal disclosure may still be permitted under the Privacy Act as long as your house is in order.
Some comments from our readers… “The articles are extremely timely and highly applicable” “I often find critical information not available elsewhere” “As in-house counsel, Mondaq’s service is of great value”
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).