Businesses that deal with an individual's personal
information in any way must take steps to deal with the new privacy
amendments or risk penalties of up to $1.7 million for breaches by
corporations and up to $340,000 for breaches by individuals.
'Personal information' is defined broadly and includes
information such as names, addresses, financial information,
sensitive information (e.g. health, religion, etc.), email
addresses or any other 'information or an opinion about an
identified individual, or an individual who is reasonably
identifiable'. The amendments primarily apply to businesses
that have an annual turnover of more than $3 million.
The Privacy Amendment (Enhancing Privacy Protection) Act
2012 (Cth) essentially rewrites the existing privacy laws. The
introduces 13 'Australian Privacy Principles' to deal
with the handling of personal information;
comprehensively amends the credit reporting provisions;
strengthens the Australian Information Commissioner's
powers and clarifies non-compliance consequences; and
allows for new privacy and credit reporting codes that will
bind specified agencies and organisations.

Australian Privacy Principles (APPs)

The APPs replace the previous National Privacy Principles (for
private entities) and Information Privacy Principles (for public
entities). Some key ramifications for affected entities are:
that is easily accessible. (Usually this means the policy is on
You must only collect personal information for permitted
reasons and once collected, you must deal with the personal
information in accordance with the APPs.
You must notify individuals of certain privacy matters before
collecting their personal information.
You must follow strict procedures for dealing with unsolicited
You cannot use personal information for direct marketing
purposes unless you satisfy an exception.
You must take steps before you disclose information to overseas
recipients to ensure they do not breach the APPs (e.g. outsourcing
or cloud computing).
You must adhere to any codes (APP codes) established for your
particular industry or market.

Information Commissioner and Penalties

Under the new amendments, the Australian Information
Commissioner has enhanced powers to resolve privacy issues, such as
investigating privacy breaches on its own motion, accepting
enforceable undertakings, seeking civil penalty orders, declaring
compensation orders and conducting privacy performance assessments.
Individuals or corporations that seriously interfere with a
person's privacy or repeatedly interfere with a person's
privacy are liable for fines of up to $340,000 (for individuals) or
$1.7 million (for corporations).
The credit reporting provisions have also been comprehensively
revised to expand the number of entities subject to the credit
reporting provisions and include similar requirements to those in
the APPs. Credit providers will also be able to access further
information when assessing an individual's credit worthiness.
Most businesses that render invoices with deferred payment terms
(more than seven days) will be subject to the new credit reporting

Commencement date and what you should do now

The amendments will commence on 12 March 2014.
To ensure a seamless transition under the new law and ensure
they fully comply with their privacy obligations businesses
seek advice now as to how the privacy amendments affect
revise their privacy policies;
review their collection processes;
review existing contracts (particularly any outsourcing
arrangements or cloud computing);
put in place procedures and processes for complying with the
new notification requirements; and
educate their staff on the new amendments.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.